
Log analysis and evaluation: Attention! Your computer has been locked (Win Vista)

04.02.2012, 16:01   #1
pummel
 

Dear Trojaner-Board team,

thank you so much for being there!

I have a 32-bit Win Vista system and, like many previous posters, have caught one that locks my PC in non-safe mode.

A message appears that claims to come from the Microsoft Security Center, saying in essence: pay 100 € within 24 h or all personal data will be deleted, etc.

I ran a full scan with Malwarebytes (duration 1-2 hours).

I would be very grateful for any kind of help with what I should do now.

I have put the contents of the log in a tag below, and I am now restarting the PC because Malwarebytes wants that in order to remove the objects it found.

Code:
  Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 12
HKCR\Typelib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\VirRLWarning.WarningBHO (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\VirRLWarning.WarningBHO.1 (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\e405.e405mgr (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A81EBFD7-0FA3-41EC-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.VUPX.ON1) -> Daten: C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|start (Trojan.Zlob) -> Daten: C:\Program Files\Applications\iebtm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 13
HKCU\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Windows\System32\675873 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3632b8e3-3b5c011c (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\IUSR_NMPR\Desktop\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\Favorites\Antivirus Scan.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\Documents\My Documents.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

05.02.2012, 19:46   #2
cosinus



The log is incomplete; the header is missing. Always post logs in full!

05.02.2012, 22:21   #3
pummel
 



Oh, I'm sorry, I didn't notice that at all.

In the meantime I checked whether the PC runs in normal mode again.

It apparently does, quite normally. Do I need to start the scan again because of that?

Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.04.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19170
Besitzer :: BESITZER-PC [Administrator]

Schutz: Deaktiviert

04.02.2012 14:52:10
mbam-log-2012-02-04 (14-52-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 513943
Laufzeit: 1 Stunde(n), 42 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 12
HKCR\Typelib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\VirRLWarning.WarningBHO (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\VirRLWarning.WarningBHO.1 (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\e405.e405mgr (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A81EBFD7-0FA3-41EC-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.VUPX.ON1) -> Daten: C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|start (Trojan.Zlob) -> Daten: C:\Program Files\Applications\iebtm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 13
HKCU\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Windows\System32\675873 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3632b8e3-3b5c011c (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\IUSR_NMPR\Desktop\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\Favorites\Antivirus Scan.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Besitzer\Documents\My Documents.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

05.02.2012, 22:46   #4
cosinus



Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


07.02.2012, 06:47   #5
pummel
 



Hello Arne,

thanks for the further help. Here is the log.


Code:
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=474780e7505edf448ccc6a0ab651a3b8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-07 12:17:39
# local_time=2012-02-07 01:17:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 154832 166093473 0 0
# compatibility_mode=8192 67108863 100 0 3910 3910 0 0
# scanned=315977
# found=12
# cleaned=0
# scan_time=13114
C:\Program Files\Uniblue\RegistryBooster 2010\Launcher.exe	a variant of Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Uniblue\RegistryBooster 2010\registrybooster.exe	Win32/RegistryBooster application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe	probably a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\AppData\Local\Temp\ICReinstall\Facemoods.exe	probably a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\27209327-47ce5d18	probably a variant of Java/Exploit.CVE-2011-3544.AK trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\Downloads\eMule\Temp\014.part	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\Downloads\eMule\Temp\022.part	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\Downloads\eMule\Temp\028.part	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\Downloads\eMule\Temp\031.part	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\Downloads\eMule\Temp\034.part	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\Downloads\eMule\Temp\039.part	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Besitzer\Downloads\eMule\Temp\046.part	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)	00000000000000000000000000000000	I
         


07.02.2012, 11:22   #6
cosinus



Quote:
C:\Program Files\Uniblue\RegistryBooster 2010\Launcher.exe
Hands off registry cleaners!!

The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
We read often enough from people seeking help that their system no longer starts after using registry cleaners.
  • How is the cleaner supposed to know with 100% certainty whether an entry is needed or not?
  • It does not matter at all whether there are a few orphaned registry entries on the system or not.
  • The constantly advertised speed-up of the system is also only partly true. You would not notice it.

A so-called false positive from a cleaner can also make your system unbootable.
If you destroy the registry, you destroy Windows.


Does normal mode work again? If so: please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

08.02.2012, 17:27   #7
pummel
 



OTL Logfile:
Code:
OTL logfile created on: 08.02.2012 18:01:29 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Besitzer\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 54,15% Memory free
6,71 Gb Paging File | 5,14 Gb Available in Paging File | 76,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458,27 Gb Total Space | 48,58 Gb Free Space | 10,60% Space Free | Partition Type: NTFS
Drive D: | 7,49 Gb Total Space | 1,00 Gb Free Space | 13,38% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 420,07 Gb Free Space | 90,19% Space Free | Partition Type: NTFS
Drive G: | 3,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 74,52 Gb Total Space | 23,38 Gb Free Space | 31,38% Space Free | Partition Type: NTFS
 
Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.08 17:57:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Downloads\OTL.exe
PRC - [2012.02.02 10:24:42 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe
PRC - [2012.01.25 18:49:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.05 15:27:31 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.16 20:02:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.11.11 20:51:26 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.12.22 18:43:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.09 05:19:16 | 000,054,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe
PRC - [2008.12.04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.10.28 23:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2008.10.28 23:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe
PRC - [2008.10.28 23:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2008.10.24 13:33:00 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008.10.08 10:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2008.09.30 15:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2008.09.30 15:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.09.27 00:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE
PRC - [2008.06.10 19:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008.01.15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2007.10.19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.05.29 16:19:08 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe
PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007.02.10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007.02.10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007.01.09 15:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.01.04 18:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2006.09.03 10:32:28 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2005.03.08 11:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.14 14:53:36 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor\f727af852ac72afb83a7c51fc6d83216\HPAdvisor.ni.exe
MOD - [2012.01.14 14:53:31 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012.01.14 14:53:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2012.01.05 15:27:28 | 014,410,024 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll
MOD - [2012.01.05 15:27:14 | 000,194,344 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll
MOD - [2012.01.05 15:27:13 | 000,155,432 | ---- | M] () -- C:\Programme\Steam\bin\avformat-52.dll
MOD - [2012.01.05 15:27:13 | 000,091,432 | ---- | M] () -- C:\Programme\Steam\bin\avutil-50.dll
MOD - [2012.01.05 15:27:12 | 000,914,216 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-52.dll
MOD - [2011.10.13 16:56:02 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll
MOD - [2011.10.13 15:59:23 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011.10.13 15:58:39 | 000,338,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SystemStatus\2978900797f76c3eb4088ee4d4476224\SystemStatus.ni.dll
MOD - [2011.10.13 15:58:38 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RemotingClient\017c1b1f5d669fa74a6ed0a8d694eaaa\RemotingClient.ni.dll
MOD - [2011.10.13 15:58:35 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingServer\cd3b5fd7e08aed4e0e1ecd31427133b0\MessagingServer.ni.dll
MOD - [2011.10.13 15:58:35 | 000,055,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingMessages\1e85cab1b4739e504064dec7d9e273c8\MessagingMessages.ni.dll
MOD - [2011.10.13 15:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingInterface\27b7334560c8b098e5ae12db6fd4f86a\MessagingInterface.ni.dll
MOD - [2011.10.13 15:58:34 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingClients\072a39aba91486f3bd912925141465e2\MessagingClients.ni.dll
MOD - [2011.10.13 15:58:32 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Content\e15bf096f987e63379ae59e34a0d6502\Content.ni.dll
MOD - [2011.10.13 15:58:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CeeWrtier\7c0dcd11d8a241e3f6051863f6afe497\CeeWrtier.ni.dll
MOD - [2011.10.13 15:58:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.13 15:31:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.13 15:31:25 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.13 15:31:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.13 15:31:09 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011.10.13 15:30:58 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c472b6ac873a7ff2ebc5bb9eb0f9ce0\PresentationFramework.Classic.ni.dll
MOD - [2011.10.13 15:30:56 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011.10.13 15:30:39 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011.10.13 15:30:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011.10.13 15:30:24 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.13 15:29:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.06.19 14:24:21 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010.11.09 04:08:50 | 000,351,800 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2010.11.09 04:08:48 | 001,502,264 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.08.05 11:26:14 | 000,061,440 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009.08.05 11:26:12 | 000,131,072 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009.08.05 11:25:50 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 02:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.12.03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008.07.29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.11.06 23:20:02 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2007.10.19 12:17:40 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.05 15:27:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.08.24 18:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.10.28 23:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008.10.28 23:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2008.10.28 23:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2008.10.24 13:33:00 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.10.02 18:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008.06.10 19:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.10.19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.10.19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.05.29 16:19:08 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)
SRV - [2007.01.13 17:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007.01.12 13:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.01.04 18:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006.09.11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006.09.11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006.09.11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006.09.11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2006.09.03 10:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006.08.31 23:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006.05.10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.03.04 10:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.10.02 16:27:25 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.02 16:27:24 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009.08.18 16:09:20 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.08.16 23:57:00 | 009,545,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.08.03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.08.03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.08.03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.08.03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009.08.03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.08.03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008.10.28 23:01:34 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2008.10.28 23:01:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2008.10.28 23:01:32 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2008.10.28 23:01:30 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2008.10.28 23:01:28 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2008.10.28 17:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2008.10.28 17:03:28 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2008.10.28 17:03:28 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008.10.02 18:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2008.02.26 08:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008.02.14 02:51:52 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080508.002\IDSvix86.sys -- (IDSvix86)
DRV - [2007.11.30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.10.19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.10.12 03:00:54 | 003,647,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
DRV - [2007.10.12 03:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.10.12 03:00:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2007.10.12 03:00:08 | 002,091,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2007.10.12 02:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007.10.11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007.10.11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.04.14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.04.13 14:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005.02.22 01:00:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Max DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=gppc"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {53b7f561-e49d-4a38-bc38-0f2642cee09c}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.14 19:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 18:26:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.16 20:03:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.16 20:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 01:15:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 18:26:17 | 000,000,000 | ---D | M]
 
[2009.01.01 20:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions
[2012.02.07 19:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions
[2012.02.07 19:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.04 14:38:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.02.07 19:03:17 | 000,000,000 | ---D | M] (Max DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}
[2010.08.01 22:28:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2011.07.26 23:19:27 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com
[2009.12.22 12:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml
[2012.02.06 21:42:35 | 000,000,955 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml
[2008.10.19 01:35:57 | 000,000,276 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml
[2012.02.06 21:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.05.26 22:04:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.12.06 22:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.06.08 18:26:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2009.02.18 17:58:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009.03.26 13:19:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.12.06 22:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.12.16 20:03:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010.12.06 22:55:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.26 23:22:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: WPI Application Detector (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Facemoods = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (Reg Error: Value error.) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..Trusted Domains: fritz.box ([]* in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137BBA82-2AF6-4D84-97A7-305ED9505D73}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43684FD5-120A-471B-89C1-9EAF2B4C2D17}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FCAB2C-53E6-4596-9C3B-78D24F359C8E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Besitzer\Pictures\Ford-Mustang-934.jpg
O24 - Desktop BackupWallPaper: C:\Users\Besitzer\Pictures\Ford-Mustang-934.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.06 23:27:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.09.26 10:56:31 | 000,000,000 | ---D | M] - G:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2008.10.17 20:30:51 | 001,046,016 | R--- | M] () - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.02.15 13:28:38 | 000,000,081 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.01.13 16:21:39 | 000,000,000 | ---D | M] - H:\AutomationML -- [ NTFS ]
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2008.10.17 20:30:51 | 001,046,016 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: 00PCTFW - hkey= - key= -  File not found
MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= -  File not found
MsConfig - StartUpReg: Comrade.exe - hkey= - key= - C:\Programme\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe ()
MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MsConfig - StartUpReg: OsdMaestro - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
MsConfig - StartUpReg: VirRL2009 - hkey= - key= -  File not found
MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
MsConfig - StartUpReg: wblogon - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.06 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.04 14:49:34 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
[2012.02.04 14:49:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.04 14:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.04 14:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.04 14:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.08 17:46:50 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job
[2012.02.08 17:43:36 | 000,062,716 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.08 17:43:36 | 000,062,716 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.08 17:43:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.08 17:43:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 17:43:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 17:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.07 22:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.07 17:28:05 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Besitzer.job
[2012.02.05 23:05:15 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBesitzer.job
[2012.02.04 18:24:30 | 000,002,032 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2012.02.04 14:49:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.04 14:46:51 | 000,224,768 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.04 11:25:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.01.26 15:25:43 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.01.23 22:59:16 | 000,000,588 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Besitzer.job
[2012.01.13 14:35:37 | 000,813,202 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.13 14:35:37 | 000,684,398 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.13 14:35:37 | 000,191,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.13 14:35:37 | 000,159,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.04 14:49:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2010.06.08 18:25:39 | 000,023,664 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.02.26 17:14:19 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2010.01.05 21:41:41 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.01.05 21:41:41 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.01.05 21:41:41 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.01.05 21:41:41 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.01.05 21:41:41 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.01.05 21:41:41 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.01.05 21:41:41 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.01.05 21:41:41 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.01.05 21:41:41 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.01.05 21:41:41 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.01.05 21:41:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.01.05 21:41:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.01.05 21:41:41 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.01.05 21:41:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.01.05 21:41:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.01.05 21:41:41 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.01.05 21:41:41 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.01.05 21:41:41 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.01.05 21:41:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.12.18 16:30:17 | 000,000,192 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2009.12.18 16:30:01 | 012,206,080 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.10.29 19:16:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.29 19:16:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.23 10:53:21 | 000,062,716 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.10.23 10:53:19 | 000,062,716 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.05 14:26:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.07.10 23:02:16 | 000,161,767 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009.06.06 18:58:34 | 000,002,032 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat
[2009.02.12 01:23:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.12 01:23:24 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.02.03 16:44:00 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2008.12.28 14:55:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008.11.14 11:43:20 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008.10.27 11:42:08 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat
[2008.10.19 20:37:52 | 000,000,096 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\fusioncache.dat
[2008.10.19 16:10:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.19 16:10:39 | 000,022,328 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\PnkBstrK.sys
[2008.10.19 16:09:49 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.10.19 16:09:43 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.10.19 16:09:42 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008.10.19 13:57:10 | 000,000,182 | ---- | C] () -- C:\Windows\wininit.ini
[2008.10.18 21:18:59 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.10.18 21:17:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.18 21:15:11 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat
[2008.09.29 13:33:28 | 000,160,424 | ---- | C] () -- C:\Windows\hpoins15.dat
[2008.09.29 13:33:28 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2008.04.22 09:02:55 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008.02.18 19:31:20 | 000,224,768 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.09 09:31:15 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini
[2008.01.31 18:23:25 | 000,000,552 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d8caps.dat
[2008.01.31 16:42:21 | 000,000,100 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat
[2007.11.07 07:31:13 | 000,813,202 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.07 07:31:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.07 07:31:13 | 000,191,688 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.11.07 07:31:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.06 23:20:37 | 000,114,973 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007.11.06 23:09:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007.11.06 23:06:29 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2007.11.06 23:06:29 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.10.11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.07.19 16:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,361,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,684,398 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,159,558 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
 
========== LOP Check ==========
 
[2011.03.15 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase
[2010.03.16 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Epson
[2010.04.01 01:01:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ!
[2008.11.29 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ
[2011.10.02 04:59:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade
[2011.09.21 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade With Fire and Sword
[2008.03.16 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\muvee Technologies
[2008.10.24 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org
[2008.10.18 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Opera
[2009.12.22 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\shockvoice
[2008.01.31 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template
[2011.04.16 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly
[2010.01.24 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client
[2010.01.18 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft
[2009.10.02 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue
[2008.04.14 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch
[2012.02.07 22:31:24 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.08 17:46:50 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.22 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Adobe
[2010.05.22 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Apple Computer
[2011.03.15 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase
[2010.05.12 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DivX
[2011.06.02 01:29:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\dvdcss
[2010.03.16 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Epson
[2010.04.01 01:01:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ!
[2008.02.08 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Google
[2009.10.25 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Hewlett-Packard
[2008.09.29 13:49:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HP
[2010.07.07 22:17:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HPAppData
[2008.11.29 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ
[2008.01.28 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Identities
[2008.10.18 22:08:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\InstallShield
[2008.02.08 18:51:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Macromedia
[2012.02.04 14:49:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Media Center Programs
[2011.12.22 23:45:55 | 000,000,000 | --SD | M] -- C:\Users\Besitzer\AppData\Roaming\Microsoft
[2011.10.02 04:59:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade
[2011.09.21 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade With Fire and Sword
[2009.01.01 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mozilla
[2008.03.16 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\muvee Technologies
[2008.10.24 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org
[2008.10.18 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Opera
[2011.12.20 00:55:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Real
[2008.03.16 14:03:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Roxio
[2009.12.22 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\shockvoice
[2011.01.08 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Skype
[2009.06.17 18:02:00 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sun
[2008.10.18 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Talkback
[2012.02.03 21:33:38 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\teamspeak2
[2008.01.31 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template
[2011.04.16 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly
[2010.01.24 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client
[2010.01.18 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft
[2009.10.02 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue
[2009.06.22 15:37:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ventrilo
[2008.11.14 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\vlc
[2010.02.26 17:31:52 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\VMware
[2008.04.14 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch
[2008.03.07 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinRAR
[2010.05.12 15:34:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.06.19 14:23:35 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008.04.17 10:26:20 | 000,010,134 | R--- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
[2008.04.04 18:19:04 | 000,010,134 | R--- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
[2010.07.10 22:48:04 | 000,673,610 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe
[2010.03.13 15:58:06 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.05.28 19:22:19 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.11\setup.exe
[2011.01.25 23:16:31 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.11.18 19:21:35 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.07 07:39:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.11.07 07:39:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2009.12.21 23:23:09 | 001,389,056 | ---- | M] ()(C:\Users\Besitzer\Desktop\Pr?si 22.12.2009 Version 5.0.ppt) -- C:\Users\Besitzer\Desktop\Präsi 22.12.2009 Version 5.0.ppt
[2009.12.21 23:23:09 | 001,389,056 | ---- | C] ()(C:\Users\Besitzer\Desktop\Pr?si 22.12.2009 Version 5.0.ppt) -- C:\Users\Besitzer\Desktop\Präsi 22.12.2009 Version 5.0.ppt
[2009.12.19 20:10:37 | 000,024,576 | ---- | M] ()(C:\Users\Besitzer\Desktop\Zu beachten f?r Dokumentation und vor allem f?r die Pr?si.doc) -- C:\Users\Besitzer\Desktop\Zu beachten für Dokumentation und vor allem für die Präsi.doc
[2009.12.19 20:10:37 | 000,024,576 | ---- | C] ()(C:\Users\Besitzer\Desktop\Zu beachten f?r Dokumentation und vor allem f?r die Pr?si.doc) -- C:\Users\Besitzer\Desktop\Zu beachten für Dokumentation und vor allem für die Präsi.doc
[2009.11.18 16:14:05 | 000,041,984 | ---- | M] ()(C:\Users\Besitzer\Desktop\Konzept f?r Vorbereitungsblock.doc) -- C:\Users\Besitzer\Desktop\Konzept für Vorbereitungsblock.doc
[2009.11.18 16:14:04 | 000,041,984 | ---- | C] ()(C:\Users\Besitzer\Desktop\Konzept f?r Vorbereitungsblock.doc) -- C:\Users\Besitzer\Desktop\Konzept für Vorbereitungsblock.doc
[2009.06.11 19:38:12 | 000,611,840 | ---- | M] ()(C:\Users\Besitzer\Documents\EVB_Pr?si_martin_Samir.ppt) -- C:\Users\Besitzer\Documents\EVB_Präsi_martin_Samir.ppt
[2009.06.11 19:38:10 | 000,611,840 | ---- | C] ()(C:\Users\Besitzer\Documents\EVB_Pr?si_martin_Samir.ppt) -- C:\Users\Besitzer\Documents\EVB_Präsi_martin_Samir.ppt
[2009.06.01 15:51:43 | 000,026,749 | ---- | M] ()(C:\Users\Besitzer\Documents\F?rderung von Teamkompetenz_Samir.pdf) -- C:\Users\Besitzer\Documents\Förderung von Teamkompetenz_Samir.pdf
[2009.06.01 15:51:43 | 000,026,749 | ---- | C] ()(C:\Users\Besitzer\Documents\F?rderung von Teamkompetenz_Samir.pdf) -- C:\Users\Besitzer\Documents\Förderung von Teamkompetenz_Samir.pdf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:825D5945
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         
--- --- ---

09.02.2012, 10:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Max DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=gppc"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
[2012.02.07 19:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.04 14:38:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.02.07 19:03:17 | 000,000,000 | ---D | M] (Max DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}
[2010.08.01 22:28:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2011.07.26 23:19:27 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com
[2009.12.22 12:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml
[2012.02.06 21:42:35 | 000,000,955 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml
[2008.10.19 01:35:57 | 000,000,276 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml
[2009.05.26 22:04:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2011.07.26 23:22:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
CHR - default_search_provider: search_url = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
CHR - Extension: Facemoods = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O2 - BHO: (Reg Error: Value error.) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found	
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.06 23:27:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.13 16:21:39 | 000,000,000 | ---D | M] - H:\AutomationML -- [ NTFS ]
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2008.10.17 20:30:51 | 001,046,016 | R--- | M] ()
MsConfig - StartUpReg: 00PCTFW - hkey= - key= -  File not found
MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= -  File not found
MsConfig - StartUpReg: VirRL2009 - hkey= - key= -  File not found
MsConfig - StartUpReg: wblogon - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:825D5945
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C31F31E6
:Files
C:\Users\Besitzer\AppData\Roaming\Uniblue
C:\Program Files\Uniblue
C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
C:\Users\Besitzer\Downloads\eMule
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


09.02.2012, 19:25   #9
pummel

Thank you very much for the help!!

After a few minutes, Windows "terminated" OTL with "Program not responding". After the reboot, the following text appeared:

Code:
Files\Folders moved on Reboot...
File move failed. c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll scheduled to be moved on reboot.
File move failed. c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll scheduled to be moved on reboot.
File move failed. G:\autorun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .
         

09.02.2012, 21:31   #10
cosinus

Please repeat the fix.

11.02.2012, 16:13   #11
pummel

Thank you so much, everything seems to have worked!!


Code:
 All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\SearchURL\w\\| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w\\| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Prefs.js: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Max DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Facemoods Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.facemoods.com/?a=gppc" removed from browser.startup.homepage
Prefs.js: ffxtlbr@Facemoods.com:1.3.0 removed from extensions.enabledItems
Prefs.js: smartwebprinting@hp.com:4.60 removed from extensions.enabledItems
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ not found.
Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com\ not found.
File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml not found.
File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml not found.
File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml not found.
Unable to fix default_search_provider items.
File C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .
File c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.
File C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
File c:\Programme\Google\GoogleToolbar2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ .
File c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
File C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File c:\Programme\Google\GoogleToolbar2.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{53B7F561-E49D-4A38-BC38-0F2642CEE09C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B7F561-E49D-4A38-BC38-0F2642CEE09C}\ not found.
File C:\Programme\Max_DE\tbMax_.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{72AE8426-3B8D-4EAD-B191-8D0AD1C62158} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}\ not found.
File C:\Programme\P2P_Max\tbP2P1.dll not found.
Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.
File move failed. G:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\00PCTFW\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CCUTRAYICON\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\VirRL2009\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\wblogon\ not found.
Unable to delete ADS C:\ProgramData\TEMP:825D5945 .
Unable to delete ADS C:\ProgramData\TEMP:C31F31E6 .
========== FILES ==========
File\Folder C:\Users\Besitzer\AppData\Roaming\Uniblue not found.
File\Folder C:\Program Files\Uniblue not found.
File\Folder C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe not found.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
File\Folder C:\Users\Besitzer\Downloads\eMule not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Besitzer
->Temp folder emptied: 700095 bytes
->Temporary Internet Files folder emptied: 33521 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25346440 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1047 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 314406457 bytes
RecycleBin emptied: 8205124326 bytes
 
Total Files Cleaned = 8.150,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02112012_154715

Files\Folders moved on Reboot...
File move failed. G:\autorun.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP0000006853BEF54980C6EEAF not found!
File\Folder C:\Windows\temp\TMP000000691218B65509F332A8 not found!
File\Folder C:\Windows\temp\TMP0000006EBAAD5C4C8E77FEED not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .
         

12.02.2012, 13:22   #12
cosinus

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Download unhide.exe and save the file to your desktop.
Start the tool; all files and folders should then be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

13.02.2012, 20:46   #13
pummel

I can access all personal documents, programs, etc.

The result from TDSS-Killer is as follows:

Code:
21:39:36.0838 5224	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
21:39:38.0840 5224	============================================================
21:39:38.0840 5224	Current date / time: 2012/02/13 21:39:38.0840
21:39:38.0840 5224	SystemInfo:
21:39:38.0840 5224	
21:39:38.0840 5224	OS Version: 6.0.6002 ServicePack: 2.0
21:39:38.0840 5224	Product type: Workstation
21:39:38.0840 5224	ComputerName: BESITZER-PC
21:39:38.0840 5224	UserName: Besitzer
21:39:38.0841 5224	Windows directory: C:\Windows
21:39:38.0841 5224	System windows directory: C:\Windows
21:39:38.0841 5224	Processor architecture: Intel x86
21:39:38.0841 5224	Number of processors: 4
21:39:38.0841 5224	Page size: 0x1000
21:39:38.0841 5224	Boot type: Normal boot
21:39:38.0841 5224	============================================================
21:39:40.0250 5224	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:39:40.0275 5224	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:39:40.0278 5224	Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:39:40.0691 5224	\Device\Harddisk0\DR0:
21:39:40.0692 5224	MBR used
21:39:40.0692 5224	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39488EB0
21:39:40.0692 5224	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x39488EEF, BlocksNum 0xEFBD52
21:39:40.0692 5224	\Device\Harddisk1\DR1:
21:39:40.0692 5224	MBR used
21:39:40.0692 5224	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:39:40.0692 5224	\Device\Harddisk2\DR2:
21:39:40.0692 5224	MBR used
21:39:40.0708 5224	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x950A5C1
21:39:40.0879 5224	Initialize success
21:39:40.0879 5224	============================================================
21:40:23.0049 6108	============================================================
21:40:23.0049 6108	Scan started
21:40:23.0049 6108	Mode: Manual; SigCheck; TDLFS; 
21:40:23.0049 6108	============================================================
21:40:23.0469 6108	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:40:23.0562 6108	ACPI - ok
21:40:23.0633 6108	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:40:23.0662 6108	adp94xx - ok
21:40:23.0717 6108	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:40:23.0731 6108	adpahci - ok
21:40:23.0750 6108	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:40:23.0760 6108	adpu160m - ok
21:40:23.0780 6108	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:40:23.0792 6108	adpu320 - ok
21:40:23.0862 6108	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:40:23.0931 6108	AFD - ok
21:40:23.0980 6108	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:40:23.0990 6108	agp440 - ok
21:40:24.0020 6108	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:40:24.0029 6108	aic78xx - ok
21:40:24.0066 6108	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:40:24.0075 6108	aliide - ok
21:40:24.0089 6108	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:40:24.0099 6108	amdagp - ok
21:40:24.0117 6108	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:40:24.0125 6108	amdide - ok
21:40:24.0139 6108	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:40:24.0300 6108	AmdK7 - ok
21:40:24.0326 6108	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:40:24.0386 6108	AmdK8 - ok
21:40:24.0450 6108	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:40:24.0459 6108	arc - ok
21:40:24.0481 6108	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:40:24.0490 6108	arcsas - ok
21:40:24.0538 6108	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:40:24.0661 6108	AsyncMac - ok
21:40:24.0694 6108	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:40:24.0701 6108	atapi - ok
21:40:24.0781 6108	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
21:40:24.0822 6108	atksgt - ok
21:40:24.0879 6108	AVMUNET         (077b3692f4376d1539755761feef659a) C:\Windows\system32\DRIVERS\avmunet.sys
21:40:24.0962 6108	AVMUNET - ok
21:40:25.0018 6108	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:40:25.0072 6108	Beep - ok
21:40:25.0086 6108	blbdrive - ok
21:40:25.0139 6108	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:40:25.0195 6108	bowser - ok
21:40:25.0233 6108	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:40:25.0318 6108	BrFiltLo - ok
21:40:25.0345 6108	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:40:25.0392 6108	BrFiltUp - ok
21:40:25.0432 6108	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:40:25.0513 6108	Brserid - ok
21:40:25.0567 6108	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:40:25.0656 6108	BrSerWdm - ok
21:40:25.0684 6108	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:40:25.0755 6108	BrUsbMdm - ok
21:40:25.0777 6108	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:40:25.0840 6108	BrUsbSer - ok
21:40:25.0875 6108	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:40:25.0958 6108	BTHMODEM - ok
21:40:26.0022 6108	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:40:26.0080 6108	cdfs - ok
21:40:26.0124 6108	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:40:26.0187 6108	cdrom - ok
21:40:26.0238 6108	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
21:40:26.0281 6108	circlass - ok
21:40:26.0436 6108	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:40:26.0470 6108	CLFS - ok
21:40:26.0516 6108	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:40:26.0524 6108	cmdide - ok
21:40:26.0540 6108	Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
21:40:26.0549 6108	Compbatt - ok
21:40:26.0572 6108	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:40:26.0580 6108	crcdisk - ok
21:40:26.0601 6108	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:40:26.0662 6108	Crusoe - ok
21:40:26.0750 6108	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:40:26.0814 6108	DfsC - ok
21:40:26.0878 6108	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:40:26.0887 6108	disk - ok
21:40:27.0016 6108	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:40:27.0116 6108	Dot4 - ok
21:40:27.0158 6108	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:40:27.0181 6108	Dot4Print - ok
21:40:27.0216 6108	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:40:27.0238 6108	dot4usb - ok
21:40:27.0287 6108	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:40:27.0325 6108	drmkaud - ok
21:40:27.0387 6108	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:40:27.0460 6108	DXGKrnl - ok
21:40:27.0552 6108	e1express       (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
21:40:27.0566 6108	e1express - ok
21:40:27.0621 6108	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:40:27.0687 6108	E1G60 - ok
21:40:27.0754 6108	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:40:27.0764 6108	Ecache - ok
21:40:27.0798 6108	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:40:27.0813 6108	elxstor - ok
21:40:27.0860 6108	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:40:27.0915 6108	exfat - ok
21:40:27.0968 6108	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:40:28.0013 6108	fastfat - ok
21:40:28.0054 6108	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:40:28.0122 6108	fdc - ok
21:40:28.0169 6108	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:40:28.0177 6108	FileInfo - ok
21:40:28.0216 6108	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:40:28.0275 6108	Filetrace - ok
21:40:28.0308 6108	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:40:28.0379 6108	flpydisk - ok
21:40:28.0459 6108	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:40:28.0480 6108	FltMgr - ok
21:40:28.0516 6108	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:40:28.0555 6108	Fs_Rec - ok
21:40:28.0588 6108	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:40:28.0597 6108	gagp30kx - ok
21:40:28.0659 6108	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:40:28.0678 6108	GEARAspiWDM - ok
21:40:28.0751 6108	hcmon           (dffc465c0a31dd2a86c4dd0a552aded8) C:\Windows\system32\drivers\hcmon.sys
21:40:28.0760 6108	hcmon - ok
21:40:28.0790 6108	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:40:28.0834 6108	HdAudAddService - ok
21:40:28.0874 6108	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:40:28.0930 6108	HDAudBus - ok
21:40:28.0972 6108	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:40:29.0040 6108	HidBth - ok
21:40:29.0084 6108	HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
21:40:29.0102 6108	HidIr - ok
21:40:29.0130 6108	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:40:29.0155 6108	HidUsb - ok
21:40:29.0184 6108	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:40:29.0201 6108	HpCISSs - ok
21:40:29.0253 6108	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:40:29.0350 6108	HTTP - ok
21:40:29.0397 6108	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:40:29.0420 6108	i2omp - ok
21:40:29.0454 6108	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:40:29.0472 6108	i8042prt - ok
21:40:29.0535 6108	ialm            (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys
21:40:29.0666 6108	ialm - ok
21:40:29.0759 6108	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:40:29.0780 6108	iaStorV - ok
21:40:29.0901 6108	IDSvix86        (f49b22e2cc15de6e752fc8cb24eb7069) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys
21:40:29.0929 6108	IDSvix86 - ok
21:40:29.0948 6108	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:40:29.0957 6108	iirsp - ok
21:40:30.0037 6108	IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys
21:40:30.0114 6108	IntcAzAudAddService - ok
21:40:30.0156 6108	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
21:40:30.0164 6108	intelide - ok
21:40:30.0198 6108	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:40:30.0244 6108	intelppm - ok
21:40:30.0287 6108	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:30.0333 6108	IpFilterDriver - ok
21:40:30.0343 6108	IpInIp - ok
21:40:30.0374 6108	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:40:30.0435 6108	IPMIDRV - ok
21:40:30.0467 6108	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:40:30.0511 6108	IPNAT - ok
21:40:30.0574 6108	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:40:30.0644 6108	IRENUM - ok
21:40:30.0757 6108	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
21:40:30.0766 6108	isapnp - ok
21:40:30.0801 6108	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:40:30.0812 6108	iScsiPrt - ok
21:40:30.0833 6108	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:40:30.0854 6108	iteatapi - ok
21:40:30.0881 6108	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:40:30.0892 6108	iteraid - ok
21:40:30.0902 6108	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:40:30.0911 6108	kbdclass - ok
21:40:30.0944 6108	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:40:30.0980 6108	kbdhid - ok
21:40:31.0030 6108	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:40:31.0050 6108	KSecDD - ok
21:40:31.0136 6108	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
21:40:31.0146 6108	lirsgt - ok
21:40:31.0181 6108	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:40:31.0231 6108	lltdio - ok
21:40:31.0268 6108	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:40:31.0289 6108	LSI_FC - ok
21:40:31.0312 6108	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:40:31.0322 6108	LSI_SAS - ok
21:40:31.0342 6108	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:40:31.0352 6108	LSI_SCSI - ok
21:40:31.0382 6108	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:40:31.0405 6108	luafv - ok
21:40:31.0477 6108	LVcKap          (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys
21:40:31.0554 6108	LVcKap - ok
21:40:31.0714 6108	LVMVDrv         (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys
21:40:31.0814 6108	LVMVDrv - ok
21:40:31.0991 6108	lvpopflt        (e1158b0cb852db0573922c92e6e564de) C:\Windows\system32\DRIVERS\lvpopflt.sys
21:40:32.0074 6108	lvpopflt - ok
21:40:32.0108 6108	LVPr2Mon        (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:40:32.0142 6108	LVPr2Mon - ok
21:40:32.0227 6108	LVRS            (26dc8ebcce7d0e49680af6fca7b7aa38) C:\Windows\system32\DRIVERS\lvrs.sys
21:40:32.0334 6108	LVRS - ok
21:40:32.0378 6108	lvselsus        (3e0c7b317f2564ca8fc87b90e1d16e66) C:\Windows\system32\DRIVERS\lvselsus.sys
21:40:32.0413 6108	lvselsus - ok
21:40:32.0482 6108	LVUSBSta        (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys
21:40:32.0515 6108	LVUSBSta - ok
21:40:32.0639 6108	LVUVC           (eacd1eb2d82ed2adc753afeee1d4d660) C:\Windows\system32\DRIVERS\lvuvc.sys
21:40:32.0825 6108	LVUVC - ok
21:40:32.0924 6108	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:40:32.0933 6108	MBAMProtector - ok
21:40:32.0969 6108	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:40:32.0978 6108	megasas - ok
21:40:33.0009 6108	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:40:33.0051 6108	Modem - ok
21:40:33.0098 6108	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:40:33.0131 6108	monitor - ok
21:40:33.0160 6108	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:40:33.0175 6108	mouclass - ok
21:40:33.0190 6108	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:40:33.0240 6108	mouhid - ok
21:40:33.0285 6108	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:40:33.0295 6108	MountMgr - ok
21:40:33.0319 6108	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:40:33.0331 6108	mpio - ok
21:40:33.0342 6108	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:40:33.0384 6108	mpsdrv - ok
21:40:33.0418 6108	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:40:33.0427 6108	Mraid35x - ok
21:40:33.0446 6108	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:40:33.0506 6108	MRxDAV - ok
21:40:33.0553 6108	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:33.0618 6108	mrxsmb - ok
21:40:33.0684 6108	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:33.0722 6108	mrxsmb10 - ok
21:40:33.0757 6108	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:33.0793 6108	mrxsmb20 - ok
21:40:33.0826 6108	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
21:40:33.0835 6108	msahci - ok
21:40:33.0846 6108	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:40:33.0856 6108	msdsm - ok
21:40:33.0894 6108	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:40:33.0944 6108	Msfs - ok
21:40:34.0001 6108	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:40:34.0009 6108	msisadrv - ok
21:40:34.0046 6108	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:40:34.0094 6108	MSKSSRV - ok
21:40:34.0150 6108	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:34.0199 6108	MSPCLOCK - ok
21:40:34.0244 6108	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:40:34.0269 6108	MSPQM - ok
21:40:34.0303 6108	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:40:34.0314 6108	MsRPC - ok
21:40:34.0327 6108	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:40:34.0339 6108	mssmbios - ok
21:40:34.0376 6108	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:40:34.0406 6108	MSTEE - ok
21:40:34.0459 6108	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:40:34.0468 6108	Mup - ok
21:40:34.0519 6108	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:40:34.0547 6108	NativeWifiP - ok
21:40:34.0600 6108	NAVENG - ok
21:40:34.0607 6108	NAVEX15 - ok
21:40:34.0645 6108	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:40:34.0690 6108	NDIS - ok
21:40:34.0763 6108	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:40:34.0801 6108	NdisTapi - ok
21:40:35.0075 6108	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:40:35.0099 6108	Ndisuio - ok
21:40:35.0134 6108	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:35.0173 6108	NdisWan - ok
21:40:35.0222 6108	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:40:35.0261 6108	NDProxy - ok
21:40:35.0305 6108	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:40:35.0328 6108	NetBIOS - ok
21:40:35.0490 6108	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:40:35.0535 6108	netbt - ok
21:40:35.0647 6108	netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys
21:40:35.0716 6108	netr73 - ok
21:40:35.0750 6108	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:40:35.0759 6108	nfrd960 - ok
21:40:35.0898 6108	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:40:35.0930 6108	Npfs - ok
21:40:36.0006 6108	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:40:36.0037 6108	nsiproxy - ok
21:40:36.0158 6108	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:40:36.0204 6108	Ntfs - ok
21:40:36.0251 6108	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:40:36.0330 6108	ntrigdigi - ok
21:40:36.0369 6108	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:40:36.0411 6108	Null - ok
21:40:36.0720 6108	nvlddmkm        (c14e3c26a348e359b89b4a02279d76c4) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:40:37.0145 6108	nvlddmkm - ok
21:40:37.0175 6108	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:40:37.0209 6108	nvraid - ok
21:40:37.0247 6108	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
21:40:37.0255 6108	nvstor - ok
21:40:37.0279 6108	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
21:40:37.0289 6108	nv_agp - ok
21:40:37.0298 6108	NwlnkFlt - ok
21:40:37.0306 6108	NwlnkFwd - ok
21:40:37.0383 6108	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:40:37.0400 6108	ohci1394 - ok
21:40:37.0417 6108	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:40:37.0476 6108	Parport - ok
21:40:37.0516 6108	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:40:37.0524 6108	partmgr - ok
21:40:37.0786 6108	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:40:37.0851 6108	Parvdm - ok
21:40:37.0891 6108	PCDSRVC{D5068648-4046B656-06000000}_0 - ok
21:40:37.0929 6108	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:40:37.0940 6108	pci - ok
21:40:37.0964 6108	pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
21:40:37.0972 6108	pciide - ok
21:40:38.0052 6108	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:40:38.0065 6108	pcmcia - ok
21:40:38.0108 6108	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:40:38.0170 6108	PEAUTH - ok
21:40:38.0220 6108	PID_0928        (3551190e9cf1eb4c0971bdef4269ca25) C:\Windows\system32\DRIVERS\LV561AV.SYS
21:40:38.0246 6108	PID_0928 - ok
21:40:38.0314 6108	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:40:38.0359 6108	PptpMiniport - ok
21:40:38.0392 6108	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:40:38.0454 6108	Processor - ok
21:40:38.0518 6108	Ps2             (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
21:40:38.0569 6108	Ps2 - ok
21:40:38.0631 6108	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:40:38.0680 6108	PSched - ok
21:40:38.0723 6108	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
21:40:38.0732 6108	PxHelp20 - ok
21:40:38.0772 6108	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:40:38.0816 6108	ql2300 - ok
21:40:38.0842 6108	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:40:38.0853 6108	ql40xx - ok
21:40:38.0883 6108	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:40:38.0942 6108	QWAVEdrv - ok
21:40:38.0974 6108	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:40:39.0020 6108	RasAcd - ok
21:40:39.0066 6108	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:39.0115 6108	Rasl2tp - ok
21:40:39.0143 6108	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:39.0183 6108	RasPppoe - ok
21:40:39.0219 6108	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:40:39.0253 6108	RasSstp - ok
21:40:39.0299 6108	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:40:39.0319 6108	rdbss - ok
21:40:39.0350 6108	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:40:39.0396 6108	RDPCDD - ok
21:40:39.0449 6108	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
21:40:39.0509 6108	rdpdr - ok
21:40:39.0539 6108	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:40:39.0589 6108	RDPENCDD - ok
21:40:39.0648 6108	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:40:39.0685 6108	RDPWD - ok
21:40:39.0935 6108	RivaTuner32     (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys
21:40:39.0967 6108	RivaTuner32 ( UnsignedFile.Multi.Generic ) - warning
21:40:39.0967 6108	RivaTuner32 - detected UnsignedFile.Multi.Generic (1)
21:40:40.0007 6108	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:40:40.0031 6108	rspndr - ok
21:40:40.0125 6108	SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys
21:40:40.0134 6108	SANDRA - ok
21:40:40.0150 6108	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:40:40.0161 6108	sbp2port - ok
21:40:40.0175 6108	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:40:40.0237 6108	secdrv - ok
21:40:40.0365 6108	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:40:40.0433 6108	Serenum - ok
21:40:40.0466 6108	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:40:40.0511 6108	Serial - ok
21:40:40.0543 6108	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:40:40.0595 6108	sermouse - ok
21:40:40.0632 6108	sffdisk         (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
21:40:40.0668 6108	sffdisk - ok
21:40:40.0699 6108	sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
21:40:40.0753 6108	sffp_mmc - ok
21:40:40.0779 6108	sffp_sd         (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
21:40:40.0829 6108	sffp_sd - ok
21:40:40.0864 6108	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:40:40.0932 6108	sfloppy - ok
21:40:41.0067 6108	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
21:40:41.0076 6108	sisagp - ok
21:40:41.0093 6108	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
21:40:41.0102 6108	SiSRaid2 - ok
21:40:41.0123 6108	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
21:40:41.0133 6108	SiSRaid4 - ok
21:40:41.0163 6108	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:40:41.0241 6108	Smb - ok
21:40:41.0369 6108	SPBBCDrv        (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:40:41.0389 6108	SPBBCDrv - ok
21:40:41.0421 6108	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:40:41.0429 6108	spldr - ok
21:40:41.0510 6108	SRTSP           (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS
21:40:41.0525 6108	SRTSP - ok
21:40:41.0545 6108	SRTSPL          (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS
21:40:41.0560 6108	SRTSPL - ok
21:40:41.0589 6108	SRTSPX          (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS
21:40:41.0597 6108	SRTSPX - ok
21:40:41.0623 6108	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:40:41.0676 6108	srv - ok
21:40:41.0708 6108	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:40:41.0751 6108	srv2 - ok
21:40:41.0797 6108	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:40:41.0831 6108	srvnet - ok
21:40:41.0891 6108	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:40:41.0899 6108	swenum - ok
21:40:41.0930 6108	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:40:41.0938 6108	Symc8xx - ok
21:40:41.0967 6108	SYMDNS          (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS
21:40:41.0975 6108	SYMDNS - ok
21:40:42.0006 6108	SymEvent        (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS
21:40:42.0017 6108	SymEvent - ok
21:40:42.0046 6108	SYMFW           (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS
21:40:42.0057 6108	SYMFW - ok
21:40:42.0087 6108	SYMIDS          (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS
21:40:42.0095 6108	SYMIDS - ok
21:40:42.0112 6108	SYMNDISV        (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS
21:40:42.0120 6108	SYMNDISV - ok
21:40:42.0150 6108	SYMREDRV        (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS
21:40:42.0158 6108	SYMREDRV - ok
21:40:42.0175 6108	SYMTDI          (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS
21:40:42.0187 6108	SYMTDI - ok
21:40:42.0206 6108	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:40:42.0215 6108	Sym_hi - ok
21:40:42.0233 6108	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:40:42.0242 6108	Sym_u3 - ok
21:40:42.0305 6108	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
21:40:42.0350 6108	Tcpip - ok
21:40:42.0391 6108	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
21:40:42.0416 6108	Tcpip6 - ok
21:40:42.0461 6108	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:40:42.0490 6108	tcpipreg - ok
21:40:42.0538 6108	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:40:42.0580 6108	TDPIPE - ok
21:40:42.0605 6108	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:40:42.0642 6108	TDTCP - ok
21:40:42.0692 6108	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:40:42.0734 6108	tdx - ok
21:40:42.0777 6108	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:40:42.0786 6108	TermDD - ok
21:40:42.0828 6108	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:40:42.0851 6108	tssecsrv - ok
21:40:42.0906 6108	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:40:42.0959 6108	tunmp - ok
21:40:43.0019 6108	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:40:43.0049 6108	tunnel - ok
21:40:43.0112 6108	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
21:40:43.0122 6108	uagp35 - ok
21:40:43.0187 6108	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:40:43.0208 6108	udfs - ok
21:40:43.0262 6108	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
21:40:43.0271 6108	uliagpkx - ok
21:40:43.0310 6108	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
21:40:43.0322 6108	uliahci - ok
21:40:43.0352 6108	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:40:43.0363 6108	UlSata - ok
21:40:43.0387 6108	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:40:43.0397 6108	ulsata2 - ok
21:40:43.0444 6108	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:40:43.0492 6108	umbus - ok
21:40:43.0577 6108	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
21:40:43.0620 6108	usbaudio - ok
21:40:43.0650 6108	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:40:43.0694 6108	usbccgp - ok
21:40:43.0736 6108	usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
21:40:43.0759 6108	usbcir - ok
21:40:43.0807 6108	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:40:43.0844 6108	usbehci - ok
21:40:43.0893 6108	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:40:43.0935 6108	usbhub - ok
21:40:43.0970 6108	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
21:40:44.0028 6108	usbohci - ok
21:40:44.0081 6108	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:40:44.0103 6108	usbprint - ok
21:40:44.0165 6108	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:40:44.0183 6108	usbscan - ok
21:40:44.0216 6108	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:40:44.0254 6108	USBSTOR - ok
21:40:44.0297 6108	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:40:44.0337 6108	usbuhci - ok
21:40:44.0390 6108	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:44.0435 6108	vga - ok
21:40:44.0480 6108	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:40:44.0502 6108	VgaSave - ok
21:40:44.0540 6108	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
21:40:44.0550 6108	viaagp - ok
21:40:44.0577 6108	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:40:44.0632 6108	ViaC7 - ok
21:40:44.0660 6108	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:40:44.0668 6108	viaide - ok
21:40:44.0738 6108	vmci            (a131387e5bfdfc27debda8428ea14173) C:\Windows\system32\Drivers\vmci.sys
21:40:44.0747 6108	vmci - ok
21:40:44.0781 6108	vmkbd           (9450172735eca807d3ae92bbc04dcb5c) C:\Windows\system32\drivers\VMkbd.sys
21:40:44.0789 6108	vmkbd - ok
21:40:44.0826 6108	VMnetAdapter    (898706a05d20b706848a440961c52436) C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:40:44.0834 6108	VMnetAdapter - ok
21:40:44.0851 6108	VMnetBridge     (5692cbd2a25e04c62707bfc311884b65) C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:40:44.0860 6108	VMnetBridge - ok
21:40:44.0894 6108	VMnetuserif     (7cccbc8a9be8766a32a8d26f52f9f31c) C:\Windows\system32\drivers\vmnetuserif.sys
21:40:44.0902 6108	VMnetuserif - ok
21:40:44.0949 6108	vmusb           (25017db6451b002158db425961a82b7b) C:\Windows\system32\Drivers\vmusb.sys
21:40:44.0957 6108	vmusb - ok
21:40:45.0031 6108	vmx86           (3e039755695e7a80fd0f40685ad0f73b) C:\Windows\system32\Drivers\vmx86.sys
21:40:45.0066 6108	vmx86 - ok
21:40:45.0112 6108	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:40:45.0120 6108	volmgr - ok
21:40:45.0157 6108	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:40:45.0171 6108	volmgrx - ok
21:40:45.0201 6108	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:40:45.0213 6108	volsnap - ok
21:40:45.0243 6108	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:40:45.0253 6108	vsmraid - ok
21:40:45.0324 6108	vstor2-ws60     (70652ddbb219083acda28ca0cb0d6663) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
21:40:45.0332 6108	vstor2-ws60 - ok
21:40:45.0368 6108	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:40:45.0423 6108	WacomPen - ok
21:40:45.0465 6108	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:40:45.0505 6108	Wanarp - ok
21:40:45.0507 6108	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:40:45.0525 6108	Wanarpv6 - ok
21:40:45.0556 6108	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:40:45.0565 6108	Wd - ok
21:40:45.0625 6108	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:40:45.0645 6108	Wdf01000 - ok
21:40:45.0701 6108	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
21:40:45.0740 6108	WmiAcpi - ok
21:40:45.0787 6108	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:40:45.0811 6108	ws2ifsl - ok
21:40:45.0850 6108	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:45.0912 6108	WUDFRd - ok
21:40:45.0953 6108	MBR (0x1B8)     (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
21:40:46.0273 6108	\Device\Harddisk0\DR0 - ok
21:40:46.0274 6108	MBR (0x1B8)     (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1
21:40:46.0342 6108	\Device\Harddisk1\DR1 - ok
21:40:46.0343 6108	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
21:40:46.0846 6108	\Device\Harddisk2\DR2 - ok
21:40:46.0846 6108	Boot (0x1200)   (42c7dcc75e4c0af6b9a390f616a4edd2) \Device\Harddisk0\DR0\Partition0
21:40:46.0847 6108	\Device\Harddisk0\DR0\Partition0 - ok
21:40:46.0848 6108	Boot (0x1200)   (a15d50532b97af183d0b51272bebf9c5) \Device\Harddisk0\DR0\Partition1
21:40:46.0849 6108	\Device\Harddisk0\DR0\Partition1 - ok
21:40:46.0850 6108	Boot (0x1200)   (160f47f4d3004a4d86d9dfd80b20f147) \Device\Harddisk1\DR1\Partition0
21:40:46.0851 6108	\Device\Harddisk1\DR1\Partition0 - ok
21:40:46.0852 6108	Boot (0x1200)   (ced0df781c18df549d8ccddcb9db49a1) \Device\Harddisk2\DR2\Partition0
21:40:46.0854 6108	\Device\Harddisk2\DR2\Partition0 - ok
21:40:46.0854 6108	============================================================
21:40:46.0854 6108	Scan finished
21:40:46.0854 6108	============================================================
21:40:46.0856 3632	Detected object count: 1
21:40:46.0856 3632	Actual detected object count: 1
21:41:14.0319 3632	RivaTuner32 ( UnsignedFile.Multi.Generic ) - skipped by user
21:41:14.0319 3632	RivaTuner32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

13.02.2012, 22:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


14.02.2012, 19:35   #15
pummel
 

Thanks again that a qualified helper has been taking care of my personal PC problems for so long!!

Combofix Logfile:
Code:
ComboFix 12-02-13.01 - Besitzer 14.02.2012  19:55:39.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.1973 [GMT 1:00]
ausgeführt von:: c:\users\Besitzer\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1
c:\programdata\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1\VirusResponse Lab 2009 2.1.lnk
c:\programdata\xml5ACF.tmp
c:\programdata\xmlC564.tmp
c:\programdata\xmlC67E.tmp
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\IsUn0407.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
E:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-14 bis 2012-02-14  ))))))))))))))))))))))))))))))
.
.
2012-02-14 19:11 . 2012-02-14 19:12	--------	d-----w-	c:\users\Besitzer\AppData\Local\temp
2012-02-14 19:11 . 2012-02-14 19:11	--------	d-----w-	c:\users\IUSR_NMPR\AppData\Local\temp
2012-02-14 19:11 . 2012-02-14 19:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-14 19:11 . 2012-02-14 19:11	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-02-14 11:03 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F426421-57C5-455B-A95A-A9361EEF3919}\mpengine.dll
2012-02-09 18:48 . 2012-02-09 18:48	--------	d-----w-	C:\_OTL
2012-02-06 20:33 . 2012-02-06 20:33	--------	d-----w-	c:\program files\ESET
2012-02-04 13:49 . 2012-02-04 13:49	--------	d-----w-	c:\users\Besitzer\AppData\Roaming\Malwarebytes
2012-02-04 13:49 . 2012-02-04 13:49	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-04 13:49 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-04 13:49 . 2012-02-04 13:49	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-31 09:55 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-31 09:55 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-31 09:55 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-31 09:55 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-31 09:55 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-31 09:55 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:21 . 2009-10-02 23:28	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-11-25 15:59 . 2012-01-12 14:47	376320	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-14 20:26	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-12 14:47	1205064	----a-w-	c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-12 14:47	66560	----a-w-	c:\windows\system32\packager.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2011-11-11 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-03-09 54680]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-09 161336]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-16 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2008-10-18 651264]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
2007-06-29 13:03	36864	----a-w-	c:\program files\GameSpy\Comrade\Comrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59	172792	----a-w-	c:\program files\ICQ6.5\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16	65536	----a-w-	c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 14:33	563984	----a-w-	c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 14:37	2178832	----a-w-	c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59	118784	----a-w-	c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-16 17:30	25268264	----a-w-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-11 19:51	1242448	----a-w-	c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-08 17:49	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 15:38	583048	----a-w-	c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
2008-10-28 22:00	64048	----a-w-	c:\program files\VMware\VMware Player\hqtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-08 21:19]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:08]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:08]
.
2012-02-05 c:\windows\Tasks\HPCeeScheduleForBesitzer.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-06 15:55]
.
2012-01-23 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Besitzer.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 18:09]
.
2012-02-11 c:\windows\Tasks\Norton Security Scan for Besitzer.job
- c:\progra~1\NORTON~3\Engine\351~1.8\Nss.exe [2011-12-09 23:02]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uSearchMigratedDefaultURL = 
uDefault_Search_URL = 
mStart Page = 
mSearchMigratedDefaultURL = 
mSearch Bar = 
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = 
mSearchURL = hxxp://www.Google.com/
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files\Uniblue\RegistryBooster 2010\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-14 20:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{D5068648-4046B656-06000000}_0]
"ImagePath"="\??\c:\pcdr5\pcdsrvc.pkms"
.
Zeit der Fertigstellung: 2012-02-14  20:21:09
ComboFix-quarantined-files.txt  2012-02-14 19:21
.
Vor Suchlauf: 11 Verzeichnis(se), 53.755.846.656 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 54.121.807.872 Bytes frei
.
- - End Of File - - 0C443AB08E600A4494D7F913AEA16415
         
--- --- ---
