Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Plagegeister aller Art und deren Bekämpfung: Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 10.02.2012, 18:43   #1
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Hallo an alle, über Google stolperte ich über euer Forum nachdem mein Rechner auch das "Windows Security Center Achtung! Ihr Computer wurde gesperrt " hatte. War gestern als das Problem beim surfen im Internet auftrat, Google Bildersuche. Wie bei den von anderen Usern beschrieben, ging auch bei mir nichts. Über Tastatur fuhr ich den Rechner runter (habe da eine Taste mit der das geht). Nach Rechner Neustart war das bekannte Problem wieder da. Bin dann im gesicherten Modus rein, habe dann mit Hilfe von Systemwiederherstellung das Problem beheben können.
Mit Avira im Anschluss kompletten Scan gemacht. 9 Funde, aber nur 5 wurden mit Name angezeigt, die dann in die Quarantäne wanderten.

EXP/Blacole.DU
EXP/2010-0840.LL.1
EXP/2010-0840.AR
EXP/CVE-2011-3544... (mehr zeigte er nicht an)
EXP/JS.Iframe.E

Nun meine Frage, reicht das aus um das Problem zu beheben? Habt ihr Tipps um vorzubeugen?


mfg Rainstorm

Alt 12.02.2012, 15:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Zitat:
Mit Avira im Anschluss kompletten Scan gemacht. 9 Funde, aber nur 5 wurden mit Name angezeigt, die dann in die Quarantäne wanderten.
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.
__________________

__________________
Alt 13.02.2012, 23:26   #3
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Sry für die späte Antwort. Hatte zwischenzeitlich das gleiche Problem mit einen anderen "Bild". Diesmal ging absicherter Modus nicht, wurde ebenfalls geblockt. hatte beide Vorfaälle mit Firefox Browser Google.
Per Orginal DVD System zuückgesetzt. 2 mal Avira Scan gemacht. Malwarebytes muss ich mir neuinstallieren (zeigt Runtime-error an). Deren Logs folgen morgen.

mfg Rainstorm
__________________
Alt 13.02.2012, 23:35   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.02.2012, 17:07   #5
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Malwarebytes neuinstaliert und manuell aktualisiert. Ältere Scans habe ich leider nicht. 2 Scans durchgeführt. Im Anschluss der Eset Log.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e948eaf538fd8a4a96897e6b4fcf1102
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-14 03:53:11
# local_time=2012-02-14 04:53:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 82993 65766880 75782 0
# compatibility_mode=5892 16776573 100 56 82872 166750365 0 0
# compatibility_mode=8192 67108863 100 0 3880 3880 0 0
# scanned=305042
# found=4
# cleaned=0
# scan_time=8332
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll	probably a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Toolbar.SearchSuite application	00000000000000000000000000000000	I

Vielen Dank für die sehr gute Anleitung! Ohne die wäre ich aufgeschmissen.
mfg Rainstorm


Alt 14.02.2012, 17:11   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt

Alt 14.02.2012, 19:12   #7
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Quick Scan
Code:
ATTFilter
OTL logfile created on: 14.02.2012 17:32:01 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas Flander\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,56% Memory free
7,72 Gb Paging File | 6,09 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,42 Gb Total Space | 61,42 Gb Free Space | 21,67% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ArcorOnline\AOButler.exe (Vodafone D2 GmbH)
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll ()
MOD - C:\Windows\SysWOW64\LXEAsmr.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll ()
MOD - C:\Windows\SysWOW64\LXEAsm.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 20:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 20:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.13 16:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 19:31:34 | 000,000,000 | ---D | M]
 
[2011.07.17 23:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2012.01.06 12:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions
[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml
[2011.12.10 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.13 16:21:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ANDREAS FLANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5FJYD40.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.04 19:31:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.04 19:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.04 19:31:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.04 19:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.04 19:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.04 19:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4DA66F-9E0F-41CD-B5E8-615E73736BEB}: NameServer = 195.50.140.118 195.50.140.180
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.14 14:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.14 14:28:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.02.13 22:49:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2012.02.13 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\secu
[2012.02.12 00:00:22 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2012.02.10 13:45:51 | 000,000,000 | ---D | C] -- C:\Download
[2012.02.10 13:45:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2012.02.06 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012.02.06 19:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012.02.06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Neuer Ordner (2)
[2012.02.06 18:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience
[2012.02.06 18:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev
[2012.02.04 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Venetica
[2012.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica
[2012.02.04 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Venetica
[2012.01.24 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios
[2012.01.24 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Sea Studios
[2012.01.24 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Sea Studios
[2012.01.22 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regnum Coelis 1.1 Final
[2012.01.16 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks
[2012.01.16 20:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.01.16 20:01:25 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.01.16 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.15 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Back to the Roots
[2011.04.10 23:10:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011.04.10 23:10:46 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011.04.10 23:10:46 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011.04.10 23:10:45 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011.04.10 23:10:45 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011.04.10 23:10:45 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011.04.10 23:10:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011.04.10 23:10:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011.04.10 23:10:44 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011.04.10 23:10:44 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011.04.10 23:10:44 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2011.04.10 23:10:43 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011.03.31 09:46:24 | 000,013,272 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxxxxx\AppData\Local\cmdial32.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.14 17:16:33 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.14 17:16:33 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.14 17:16:33 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.14 17:16:33 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.14 17:16:33 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 14:28:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.02.14 14:24:30 | 000,000,022 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini
[2012.02.13 22:56:51 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.13 22:49:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2012.02.09 17:56:59 | 000,054,784 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.09 17:28:05 | 000,001,460 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat
[2012.02.09 11:41:08 | 000,404,154 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF
[2012.02.09 11:38:29 | 000,986,689 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF
[2012.02.09 11:35:36 | 000,939,645 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF
[2012.02.06 18:30:46 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\SI.bin
[2012.02.04 18:29:09 | 000,001,998 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk
[2012.02.01 17:59:00 | 000,000,172 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL
[2012.01.20 11:59:46 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.16 20:01:25 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.13 22:56:51 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 11:41:08 | 000,404,154 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF
[2012.02.09 11:38:28 | 000,986,689 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF
[2012.02.09 11:35:35 | 000,939,645 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF
[2012.02.06 18:30:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.02.04 18:29:09 | 000,001,998 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk
[2012.01.30 21:03:52 | 000,000,172 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL
[2011.07.24 02:22:27 | 000,000,022 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini
[2011.05.03 16:32:57 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.03 16:32:57 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011.05.02 15:50:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.04.30 17:52:36 | 000,024,088 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\UserTile.png
[2011.04.10 23:10:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011.04.10 23:10:47 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011.04.10 23:10:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011.04.10 23:10:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011.04.10 23:10:46 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011.04.10 23:10:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011.04.10 23:10:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011.04.10 23:10:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011.04.10 23:10:45 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011.04.10 23:09:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2011.04.10 23:09:35 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2011.04.03 13:23:32 | 000,000,091 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\sversion.ini
[2011.04.03 13:20:53 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe
[2011.04.02 06:25:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.04.02 06:24:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.04.02 06:23:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.04.01 23:58:22 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.04.01 20:20:06 | 000,054,784 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.31 17:08:38 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps.dat
[2011.03.31 14:10:25 | 000,000,552 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d8caps.dat
[2011.03.31 09:22:54 | 000,001,460 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004.09.25 13:38:24 | 000,037,376 | ---- | C] () -- C:\Windows\UnInstall_Teudogar_0815.Exe
 
========== LOP Check ==========
 
[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex
[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper
[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios
[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0
[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX
[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org
[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking
[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT
[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios
[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock
[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client
[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay
[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software
[2012.02.14 17:09:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Scan

OTL.Text
Code:
ATTFilter
OTL logfile created on: 14.02.2012 17:50:40 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas Flander\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 59,11% Memory free
7,72 Gb Paging File | 6,04 Gb Available in Paging File | 78,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,42 Gb Total Space | 61,43 Gb Free Space | 21,67% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andreas Flander\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ArcorOnline\AOButler.exe (Vodafone D2 GmbH)
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll ()
MOD - C:\Windows\SysWOW64\LXEAsmr.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll ()
MOD - C:\Windows\SysWOW64\LXEAsm.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 20:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 20:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.13 16:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 19:31:34 | 000,000,000 | ---D | M]
 
[2011.07.17 23:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2012.01.06 12:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions
[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml
[2011.12.10 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.13 16:21:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ANDREAS FLANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5FJYD40.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.04 19:31:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.04 19:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.04 19:31:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.04 19:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.04 19:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.04 19:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4DA66F-9E0F-41CD-B5E8-615E73736BEB}: NameServer = 195.50.140.118 195.50.140.180
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.14 14:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.14 14:28:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.02.13 22:49:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2012.02.13 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\secu
[2012.02.12 00:00:22 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2012.02.10 13:45:51 | 000,000,000 | ---D | C] -- C:\Download
[2012.02.10 13:45:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2012.02.06 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012.02.06 19:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012.02.06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Neuer Ordner (2)
[2012.02.06 18:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience
[2012.02.06 18:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev
[2012.02.04 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Venetica
[2012.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica
[2012.02.04 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Venetica
[2012.01.24 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios
[2012.01.24 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Sea Studios
[2012.01.24 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Sea Studios
[2012.01.22 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regnum Coelis 1.1 Final
[2012.01.16 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks
[2012.01.16 20:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.01.16 20:01:44 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.01.16 20:01:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.01.16 20:01:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.01.16 20:01:25 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.01.16 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.15 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Back to the Roots
[2011.04.10 23:10:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011.04.10 23:10:46 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011.04.10 23:10:46 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011.04.10 23:10:45 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011.04.10 23:10:45 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011.04.10 23:10:45 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011.04.10 23:10:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011.04.10 23:10:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011.04.10 23:10:44 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011.04.10 23:10:44 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011.04.10 23:10:44 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2011.04.10 23:10:43 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011.03.31 09:46:24 | 000,013,272 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxxxxx\AppData\Local\cmdial32.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.14 17:16:33 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.14 17:16:33 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.14 17:16:33 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.14 17:16:33 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.14 17:16:33 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 14:28:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.02.14 14:24:30 | 000,000,022 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini
[2012.02.13 22:56:51 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.13 22:49:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2012.02.09 17:56:59 | 000,054,784 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.09 17:28:05 | 000,001,460 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat
[2012.02.09 11:41:08 | 000,404,154 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF
[2012.02.09 11:38:29 | 000,986,689 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF
[2012.02.09 11:35:36 | 000,939,645 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF
[2012.02.06 18:30:46 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\SI.bin
[2012.02.04 18:29:09 | 000,001,998 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk
[2012.02.01 17:59:00 | 000,000,172 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL
[2012.01.20 11:59:46 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.16 20:01:44 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012.01.16 20:01:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012.01.16 20:01:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012.01.16 20:01:25 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.13 22:56:51 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 11:41:08 | 000,404,154 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF
[2012.02.09 11:38:28 | 000,986,689 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF
[2012.02.09 11:35:35 | 000,939,645 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF
[2012.02.06 18:30:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.02.04 18:29:09 | 000,001,998 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk
[2012.01.30 21:03:52 | 000,000,172 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL
[2011.07.24 02:22:27 | 000,000,022 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini
[2011.05.03 16:32:57 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.03 16:32:57 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011.05.02 15:50:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.04.30 17:52:36 | 000,024,088 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\UserTile.png
[2011.04.10 23:10:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011.04.10 23:10:47 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011.04.10 23:10:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011.04.10 23:10:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011.04.10 23:10:46 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011.04.10 23:10:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011.04.10 23:10:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011.04.10 23:10:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011.04.10 23:10:45 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011.04.10 23:09:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2011.04.10 23:09:35 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2011.04.03 13:23:32 | 000,000,091 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\sversion.ini
[2011.04.03 13:20:53 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe
[2011.04.02 06:25:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.04.02 06:24:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.04.02 06:23:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.04.01 23:58:22 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.04.01 20:20:06 | 000,054,784 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.31 17:08:38 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps.dat
[2011.03.31 14:10:25 | 000,000,552 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d8caps.dat
[2011.03.31 09:22:54 | 000,001,460 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004.09.25 13:38:24 | 000,037,376 | ---- | C] () -- C:\Windows\UnInstall_Teudogar_0815.Exe
 
========== LOP Check ==========
 
[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex
[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper
[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios
[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0
[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX
[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org
[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking
[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT
[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios
[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock
[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client
[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay
[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software
[2012.02.14 17:09:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extra.txt
Code:
ATTFilter
OTL Extras logfile created on: 14.02.2012 17:50:40 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\xxxxxx\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 59,11% Memory free
7,72 Gb Paging File | 6,04 Gb Available in Paging File | 78,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,42 Gb Total Space | 61,43 Gb Free Space | 21,67% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 88 9E 3C 97 3A F1 CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27A3CE36-5836-4AB8-A0B4-4D9266E3C341}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{306F8578-A766-40D2-8D9B-9F6B2A49AC3B}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EDF0951-7587-416C-B8F3-3DF0E6DB49A2}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{10307B78-42BB-4B79-9B38-D60D12568A8F}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe | 
"{11CD1BD7-F580-4C72-B9C8-262FB6DA3729}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
"{50EDE9ED-108A-4A1E-9170-DBC5D4AB4163}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{54087606-C329-4139-9DD1-E3746FDE78DF}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe | 
"{7B43E0B7-B7EF-46D0-B20E-C2F877434DAA}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{8950C381-5839-4F60-89D7-E40F41175E02}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe | 
"{C7FB9F03-CF88-4E67-A8F1-B39FE359E3A4}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{D62962E5-63DD-48F6-8AC2-579553708D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe | 
"{E4EC019E-C3DF-43BF-97D6-A7AA62E72CB2}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 
"{F5A3116C-38D1-4765-9635-1781D033E8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"TCP Query User{5E30CE99-60D3-4272-9635-0C8DAF131FD8}C:\users\andreas flander\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\andreas flander\downloads\maestia-downloader.exe | 
"TCP Query User{8D8778A5-182C-4189-AE5D-129DDD385C61}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe | 
"TCP Query User{AAE721CD-DD0B-4BA6-A219-EC83EF848C69}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{24593FC2-C1FC-4255-9448-176414D183CA}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe | 
"UDP Query User{D2FD8570-0AA0-476F-AE87-8E065687C64B}C:\users\andreas flander\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\andreas flander\downloads\maestia-downloader.exe | 
"UDP Query User{E7484AF6-32DE-489A-AB25-FCFAF38CFE32}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20587144-2AC1-48AA-B815-3575F68E5A9C}" = Simple Adblock
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E47844E-4A18-454B-A977-EC2CCF3F1472}" = X2 - Die Bedrohung (V1.4)
"{4E47844E-4A18-454B-A977-EC2CCFFFFF72}" = X2 - Die Bedrohung DEMO
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{689D6616-9790-431C-989E-E91BB82FB002}" = Knights of Honor Demo
"{68D2A2E2-6B64-4433-8073-0605EB306C1B}" = Gothic 3 Gold
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139D}" = FUSSBALL MANAGER 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v2.2
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{883D3FE3-E8BA-4427-B1B8-3E0B5D60AC94}" = @promt Professional EGGE Special Edition
"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201101
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Media Player+_is1" = Ashampoo Media Player+ 2.03
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Die Gilde 2 - Back to the Roots_is1" = Die Gilde 2 - Back to the Roots Patch v1.2
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition
"Impulse" = Impulse
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.4b
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MWS Reader 4_is1" = MWS Reader 4
"OpenSubtitlesPlayer_is1" = OpenSubtitlesPlayer V4.X
"RenSim_is1" = RenSim 3
"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Teudogar and the Alliance with Rome" = Teudogar and the Alliance with Rome
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Two Worlds" = Two Worlds
"Venetica_is1" = Venetica
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OpenOffice.org 1.1.2" = OpenOffice.org 1.1.2
"Pirate Galaxy" = Pirate Galaxy
"Regnum Coelis 1.1 Final" = Regnum Coelis 1.1 Final
"Schwert und Speer Ultimat" = Schwert und Speer Ultimat
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2012 10:57:51 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2012 11:01:51 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2012 11:05:20 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2012 11:08:13 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2012 11:12:54 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.02.2012 11:22:57 | Computer Name = Home-PC | Source = Avira AntiVir | ID = 4109
Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9
 
Error - 13.02.2012 11:22:57 | Computer Name = Home-PC | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
 
Error - 13.02.2012 11:24:05 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2012 04:21:20 | Computer Name = Home-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2012 04:22:19 | Computer Name = Home-PC | Source = Windows Search Service | ID = 3013
Description = 
 
[ System Events ]
Error - 13.02.2012 11:24:06 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 13.02.2012 11:24:06 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.02.2012 11:26:13 | Computer Name = Home-PC | Source = WinDefend | ID = 2004
Description = 
 
Error - 14.02.2012 04:21:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.02.2012 04:21:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.02.2012 06:07:31 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.02.2012 06:07:31 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.02.2012 06:11:52 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 14.02.2012 12:11:29 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 14.02.2012 12:11:29 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
Zitat:
Der Text, den Sie eingegeben haben, besteht aus 156495 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 100000 Zeichen.

Logs bitte als Archiv an den Beitrag anhängen!
Zitat:
Fehler beim Hochladen
OTL.Txt s.txt:
Die Datei, die Sie anhängen möchten, ist zu groß. Die maximale Dateigröße für diesen Dateityp beträgt 97,7 KB. Ihre Datei ist 132,7 KB groß.
Teil 2 folgt

Alt 14.02.2012, 19:14   #8
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Teil 2

CustomScan mit OTL

Code:
ATTFilter
OTL logfile created on: 14.02.2012 18:35:04 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\xxxxxx\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 60,01% Memory free
7,72 Gb Paging File | 6,18 Gb Available in Paging File | 80,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,42 Gb Total Space | 63,16 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32
 
Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll ()
MOD - C:\Windows\SysWOW64\LXEAsmr.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll ()
MOD - C:\Windows\SysWOW64\LXEAsm.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )
SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 20:49:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 20:49:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.13 16:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 19:31:34 | 000,000,000 | ---D | M]
 
[2011.07.17 23:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2012.01.06 12:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions
[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml
[2011.12.10 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.13 16:21:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ANDREAS FLANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5FJYD40.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.04 19:31:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.04 19:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.04 19:31:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.04 19:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.02.04 19:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.04 19:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O27:64bit: - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.14 14:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.14 14:28:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.02.13 22:49:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2012.02.13 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\secu
[2012.02.12 00:00:22 | 000,000,000 | ---D | C] -- C:\gPotato.eu
[2012.02.10 13:45:51 | 000,000,000 | ---D | C] -- C:\Download
[2012.02.10 13:45:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2012.02.06 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012.02.06 19:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012.02.06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Neuer Ordner (2)
[2012.02.06 18:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience
[2012.02.06 18:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev
[2012.02.04 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Venetica
[2012.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica
[2012.02.04 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Venetica
[2012.01.24 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios
[2012.01.24 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Sea Studios
[2012.01.24 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Sea Studios
[2012.01.22 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regnum Coelis 1.1 Final
[2012.01.16 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks
[2012.01.16 20:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.01.16 20:01:25 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.01.16 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2012.01.15 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Back to the Roots
[2011.04.10 23:10:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll
[2011.04.10 23:10:46 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll
[2011.04.10 23:10:46 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll
[2011.04.10 23:10:45 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll
[2011.04.10 23:10:45 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll
[2011.04.10 23:10:45 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll
[2011.04.10 23:10:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll
[2011.04.10 23:10:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll
[2011.04.10 23:10:44 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe
[2011.04.10 23:10:44 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll
[2011.04.10 23:10:44 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe
[2011.04.10 23:10:43 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe
[2011.03.31 09:46:24 | 000,013,272 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxxxxx\AppData\Local\cmdial32.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.14 17:16:33 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.14 17:16:33 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.14 17:16:33 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.14 17:16:33 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.14 17:16:33 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 14:28:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.02.14 14:24:30 | 000,000,022 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini
[2012.02.13 22:56:51 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.13 22:49:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2012.02.09 17:56:59 | 000,054,784 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.09 17:28:05 | 000,001,460 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat
[2012.02.09 11:41:08 | 000,404,154 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF
[2012.02.09 11:38:29 | 000,986,689 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF
[2012.02.09 11:35:36 | 000,939,645 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF
[2012.02.06 18:30:46 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\SI.bin
[2012.02.04 18:29:09 | 000,001,998 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk
[2012.02.01 17:59:00 | 000,000,172 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL
[2012.01.20 11:59:46 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.16 20:01:25 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.13 22:56:51 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 11:41:08 | 000,404,154 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF
[2012.02.09 11:38:28 | 000,986,689 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF
[2012.02.09 11:35:35 | 000,939,645 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF
[2012.02.06 18:30:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.02.04 18:29:09 | 000,001,998 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk
[2012.01.30 21:03:52 | 000,000,172 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL
[2011.07.24 02:22:27 | 000,000,022 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini
[2011.05.03 16:32:57 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.03 16:32:57 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2011.05.02 15:50:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.04.30 17:52:36 | 000,024,088 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\UserTile.png
[2011.04.10 23:10:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll
[2011.04.10 23:10:47 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll
[2011.04.10 23:10:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll
[2011.04.10 23:10:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll
[2011.04.10 23:10:46 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll
[2011.04.10 23:10:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll
[2011.04.10 23:10:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll
[2011.04.10 23:10:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll
[2011.04.10 23:10:45 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll
[2011.04.10 23:09:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll
[2011.04.10 23:09:35 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll
[2011.04.03 13:23:32 | 000,000,091 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\sversion.ini
[2011.04.03 13:20:53 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe
[2011.04.02 06:25:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.04.02 06:24:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.04.02 06:23:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.04.01 23:58:22 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.04.01 20:20:06 | 000,054,784 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.31 17:08:38 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps.dat
[2011.03.31 14:10:25 | 000,000,552 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d8caps.dat
[2011.03.31 09:22:54 | 000,001,460 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004.09.25 13:38:24 | 000,037,376 | ---- | C] () -- C:\Windows\UnInstall_Teudogar_0815.Exe
 
========== LOP Check ==========
 
[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex
[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper
[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios
[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0
[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX
[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org
[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking
[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT
[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios
[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock
[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client
[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay
[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software
[2012.02.14 17:09:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.31 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Adobe
[2011.08.10 20:41:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avira
[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex
[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper
[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios
[2011.04.01 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\DivX
[2011.03.31 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Google
[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0
[2011.09.20 13:46:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Help
[2011.03.31 09:23:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Identities
[2011.06.20 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\InstallShield
[2011.03.31 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Macromedia
[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX
[2011.08.10 22:19:02 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Media Center Programs
[2011.08.10 20:34:57 | 000,000,000 | --SD | M] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft
[2011.05.07 07:46:15 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Mozilla
[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org
[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking
[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT
[2012.01.16 20:02:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Real
[2012.01.16 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks
[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios
[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock
[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client
[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay
[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software
[2012.02.09 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\vlc
[2011.04.03 22:21:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.07.21 08:14:01 | 000,010,134 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{4E47844E-4A18-454B-A977-EC2CCF3F1472}\ARPPRODUCTICON.exe
[2011.07.17 21:34:38 | 000,010,134 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{4E47844E-4A18-454B-A977-EC2CCFFFFF72}\ARPPRODUCTICON.exe
[2011.07.17 21:34:38 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{4E47844E-4A18-454B-A977-EC2CCFFFFF72}\NewShortcut2_4E47844E4A18454BA977EC2CCF3F1472_1.exe
[2011.11.15 22:14:41 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011.10.22 18:18:12 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011.10.22 18:14:35 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
[2011.04.22 17:12:01 | 000,327,487 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\Launcher.exe
[2011.03.03 18:40:02 | 000,250,931 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\Repair.exe
[2011.04.22 17:09:57 | 000,060,648 | ---- | M] (Splitscreen Studios GmbH) -- C:\Users\Andreas Flander\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\uninstall.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\java-rmi.exe
[2010.03.12 11:05:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\java.exe
[2010.03.12 11:05:12 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\javacpl.exe
[2010.03.12 11:05:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\javaw.exe
[2010.03.12 11:05:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\javaws.exe
[2010.03.12 11:05:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jbroker.exe
[2010.03.12 11:05:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jp2launcher.exe
[2010.03.12 11:05:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jqs.exe
[2010.03.12 11:05:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jqsnotify.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\keytool.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\kinit.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\klist.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\ktab.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\orbd.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\pack200.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\policytool.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\rmid.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\rmiregistry.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\servertool.exe
[2010.03.12 11:05:12 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\ssvagent.exe
[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\tnameserv.exe
[2010.03.12 11:05:12 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\unpack200.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.05.08 09:14:27 | 000,258,048 | ---- | M] () -- C:\config.exe
[2009.05.08 09:14:27 | 000,081,920 | ---- | M] () -- C:\errorlog.exe
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2009.05.08 09:14:27 | 000,593,920 | ---- | M] (Ymir Entertainment) -- C:\metin2.exe
[2009.05.08 09:14:27 | 000,131,072 | ---- | M] () -- C:\PatchUpdater.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
<           >

< End of report >

mfg Rainstorm

Alt 14.02.2012, 21:29   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=de&q="
[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml
[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.02.2012, 22:08   #10
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Script ausgeführt.

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q=" removed from keyword.URL
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\defaults\preferences folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\defaults folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\components folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\translators folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\services folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\options folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\flags-s folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\flags folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\domains folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\addit folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-TW\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-TW folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-CN\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-CN folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\tr\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\tr folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sv\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sv folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sr\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sr folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sk\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sk folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ru\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ru folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ro\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ro folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pt-BR\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pt-BR folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pl\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pl folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\nl\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\nl folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ja\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ja folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\it\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\it folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\id\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\id folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\hu\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\hu folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\he\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\he folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\gl\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\gl folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\fr\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\fr folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\es-ES\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\es-ES folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\en-US\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\en-US folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\de\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\de folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\da\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\da folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\cs\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\cs folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ca\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ca folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ar\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ar folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\af\foxlingo folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\af folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\content folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} folder moved successfully.
C:\Users\Andreas Flander\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml moved successfully.
File C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.
C:\Program Files (x86)\Lexmark Toolbar\toolband.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FF284F5C-7CF9-4682-8701-D467C1DBB99F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF284F5C-7CF9-4682-8701-D467C1DBB99F}\ deleted successfully.
C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files (x86)\Lexmark Toolbar\toolband.dll not found.
Registry value HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
File C:\Program Files (x86)\Lexmark Toolbar\toolband.dll not found.
64bit-Registry value HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi371a~1\datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi371a~1\datamngr\iebho.dll deleted successfully.
File pInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ not found.
File E:\start.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: xxxxxx
->Temp folder emptied: 12052342 bytes
->Temporary Internet Files folder emptied: 614801346 bytes
->Java cache emptied: 966724 bytes
->FireFox cache emptied: 62552959 bytes
->Google Chrome cache emptied: 6602295 bytes
->Flash cache emptied: 393537 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 347743112 bytes
 
Total Files Cleaned = 997,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02142012_215412

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
He da kennt einer seine Papenheimer recht gut. Lagst richtig mit xxxxxx beim Austausch mit dem eigenen Namen.

mfg Rainstorm

Alt 14.02.2012, 22:12   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.02.2012, 22:31   #12
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Hab beim download von Avira eine Warnung bekommen.

----
Guard: Malware gefunden
Datum/Uhrzeit: 14.02.2012,
22:23:23 Typ: Fund

In der Datei 'C:Users\xxxxxx\Downloads\tdsskiller.exe ' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' gefunden.

Der Zugriff auf diese Datei wurde verweigert.

Bitte wählen sie weitere Aktionen:

Entfernen oder Details

----
*Dummfrag* Was soll ich machen?

mfg Rainstorm

Alt 14.02.2012, 22:38   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Das ist ein Fehlalarm!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 14.02.2012, 22:49   #14
Rainstorm
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Musste Avira für Scan deaktivieren. Kein Fund.

Code:
ATTFilter
22:42:11.0721 3848	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
22:42:11.0861 3848	============================================================
22:42:11.0861 3848	Current date / time: 2012/02/14 22:42:11.0861
22:42:11.0861 3848	SystemInfo:
22:42:11.0861 3848	
22:42:11.0861 3848	OS Version: 6.0.6002 ServicePack: 2.0
22:42:11.0861 3848	Product type: Workstation
22:42:11.0861 3848	ComputerName: HOME-PC
22:42:11.0862 3848	UserName: xxxxxx
22:42:11.0862 3848	Windows directory: C:\Windows
22:42:11.0862 3848	System windows directory: C:\Windows
22:42:11.0862 3848	Running under WOW64
22:42:11.0862 3848	Processor architecture: Intel x64
22:42:11.0862 3848	Number of processors: 2
22:42:11.0862 3848	Page size: 0x1000
22:42:11.0862 3848	Boot type: Normal boot
22:42:11.0862 3848	============================================================
22:42:12.0963 3848	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:42:12.0983 3848	\Device\Harddisk0\DR0:
22:42:12.0984 3848	MBR used
22:42:12.0984 3848	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x236D9800
22:42:13.0007 3848	\Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x236DA03F, BlocksNum 0x1D53682
22:42:13.0052 3848	Initialize success
22:42:13.0052 3848	============================================================
22:42:57.0101 2456	============================================================
22:42:57.0101 2456	Scan started
22:42:57.0101 2456	Mode: Manual; SigCheck; TDLFS; 
22:42:57.0101 2456	============================================================
22:42:57.0464 2456	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:42:57.0567 2456	ACPI - ok
22:42:57.0611 2456	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:42:57.0632 2456	adp94xx - ok
22:42:57.0666 2456	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:42:57.0684 2456	adpahci - ok
22:42:57.0703 2456	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:42:57.0715 2456	adpu160m - ok
22:42:57.0747 2456	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:42:57.0759 2456	adpu320 - ok
22:42:57.0813 2456	AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
22:42:57.0921 2456	AFD - ok
22:42:57.0977 2456	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:42:57.0991 2456	agp440 - ok
22:42:58.0018 2456	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:42:58.0033 2456	aic78xx - ok
22:42:58.0058 2456	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
22:42:58.0069 2456	aliide - ok
22:42:58.0091 2456	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
22:42:58.0103 2456	amdide - ok
22:42:58.0129 2456	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:42:58.0284 2456	AmdK8 - ok
22:42:58.0397 2456	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:42:58.0407 2456	arc - ok
22:42:58.0453 2456	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:42:58.0465 2456	arcsas - ok
22:42:58.0494 2456	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:42:58.0549 2456	AsyncMac - ok
22:42:58.0584 2456	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:42:58.0596 2456	atapi - ok
22:42:58.0638 2456	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
22:42:58.0848 2456	avgntflt - ok
22:42:58.0966 2456	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
22:42:58.0976 2456	avipbb - ok
22:42:59.0070 2456	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:42:59.0122 2456	blbdrive - ok
22:42:59.0164 2456	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:42:59.0230 2456	bowser - ok
22:42:59.0249 2456	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:42:59.0358 2456	BrFiltLo - ok
22:42:59.0415 2456	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:42:59.0455 2456	BrFiltUp - ok
22:42:59.0476 2456	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:42:59.0648 2456	Brserid - ok
22:42:59.0720 2456	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:42:59.0793 2456	BrSerWdm - ok
22:42:59.0838 2456	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:42:59.0912 2456	BrUsbMdm - ok
22:42:59.0940 2456	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:43:00.0004 2456	BrUsbSer - ok
22:43:00.0039 2456	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:43:00.0107 2456	BTHMODEM - ok
22:43:00.0143 2456	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:43:00.0192 2456	cdfs - ok
22:43:00.0232 2456	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:43:00.0281 2456	cdrom - ok
22:43:00.0318 2456	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
22:43:00.0365 2456	circlass - ok
22:43:00.0412 2456	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:43:00.0430 2456	CLFS - ok
22:43:00.0480 2456	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:43:00.0489 2456	cmdide - ok
22:43:00.0547 2456	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
22:43:00.0556 2456	Compbatt - ok
22:43:00.0584 2456	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:43:00.0595 2456	crcdisk - ok
22:43:00.0640 2456	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:43:00.0702 2456	DfsC - ok
22:43:00.0739 2456	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:43:00.0750 2456	disk - ok
22:43:00.0788 2456	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:43:00.0829 2456	drmkaud - ok
22:43:00.0883 2456	dump_wmimmc - ok
22:43:00.0932 2456	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:43:00.0983 2456	DXGKrnl - ok
22:43:01.0028 2456	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:43:01.0070 2456	E1G60 - ok
22:43:01.0078 2456	EagleX64 - ok
22:43:01.0128 2456	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:43:01.0141 2456	Ecache - ok
22:43:01.0219 2456	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:43:01.0238 2456	elxstor - ok
22:43:01.0265 2456	ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:43:01.0313 2456	ErrDev - ok
22:43:01.0380 2456	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:43:01.0423 2456	exfat - ok
22:43:01.0455 2456	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:43:01.0499 2456	fastfat - ok
22:43:01.0535 2456	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:43:01.0568 2456	fdc - ok
22:43:01.0590 2456	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:43:01.0602 2456	FileInfo - ok
22:43:01.0633 2456	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:43:01.0686 2456	Filetrace - ok
22:43:01.0711 2456	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:43:01.0741 2456	flpydisk - ok
22:43:01.0780 2456	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:43:01.0796 2456	FltMgr - ok
22:43:01.0825 2456	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:43:01.0877 2456	Fs_Rec - ok
22:43:01.0900 2456	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:43:01.0913 2456	gagp30kx - ok
22:43:01.0967 2456	HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
22:43:02.0031 2456	HdAudAddService - ok
22:43:02.0067 2456	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:43:02.0154 2456	HDAudBus - ok
22:43:02.0195 2456	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:43:02.0261 2456	HidBth - ok
22:43:02.0285 2456	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
22:43:02.0356 2456	HidIr - ok
22:43:02.0404 2456	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
22:43:02.0452 2456	HidUsb - ok
22:43:02.0480 2456	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:43:02.0490 2456	HpCISSs - ok
22:43:02.0528 2456	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:43:02.0615 2456	HTTP - ok
22:43:02.0630 2456	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:43:02.0642 2456	i2omp - ok
22:43:02.0662 2456	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:43:02.0686 2456	i8042prt - ok
22:43:02.0715 2456	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:43:02.0730 2456	iaStorV - ok
22:43:02.0776 2456	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:43:02.0787 2456	iirsp - ok
22:43:02.0855 2456	IntcAzAudAddService (f9c251a94f76231d9ee946401060eee1) C:\Windows\system32\drivers\RTKVHD64.sys
22:43:02.0942 2456	IntcAzAudAddService - ok
22:43:02.0967 2456	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
22:43:02.0978 2456	intelide - ok
22:43:03.0005 2456	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:43:03.0057 2456	intelppm - ok
22:43:03.0109 2456	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:43:03.0149 2456	IpFilterDriver - ok
22:43:03.0162 2456	IpInIp - ok
22:43:03.0192 2456	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:43:03.0223 2456	IPMIDRV - ok
22:43:03.0248 2456	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:43:03.0294 2456	IPNAT - ok
22:43:03.0324 2456	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:43:03.0377 2456	IRENUM - ok
22:43:03.0412 2456	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:43:03.0423 2456	isapnp - ok
22:43:03.0458 2456	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:43:03.0472 2456	iScsiPrt - ok
22:43:03.0501 2456	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:43:03.0511 2456	iteatapi - ok
22:43:03.0539 2456	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:43:03.0549 2456	iteraid - ok
22:43:03.0572 2456	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:43:03.0582 2456	kbdclass - ok
22:43:03.0599 2456	kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:43:03.0655 2456	kbdhid - ok
22:43:03.0707 2456	KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
22:43:03.0745 2456	KSecDD - ok
22:43:03.0781 2456	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:43:03.0836 2456	ksthunk - ok
22:43:03.0897 2456	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:43:03.0947 2456	lltdio - ok
22:43:04.0140 2456	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:43:04.0152 2456	LSI_FC - ok
22:43:04.0194 2456	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:43:04.0205 2456	LSI_SAS - ok
22:43:04.0237 2456	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:43:04.0248 2456	LSI_SCSI - ok
22:43:04.0272 2456	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:43:04.0323 2456	luafv - ok
22:43:04.0366 2456	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:43:04.0377 2456	megasas - ok
22:43:04.0429 2456	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:43:04.0451 2456	MegaSR - ok
22:43:04.0480 2456	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:43:04.0530 2456	Modem - ok
22:43:04.0559 2456	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:43:04.0590 2456	monitor - ok
22:43:04.0606 2456	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:43:04.0616 2456	mouclass - ok
22:43:04.0638 2456	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:43:04.0693 2456	mouhid - ok
22:43:04.0725 2456	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:43:04.0736 2456	MountMgr - ok
22:43:04.0763 2456	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:43:04.0773 2456	mpio - ok
22:43:04.0794 2456	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:43:04.0841 2456	mpsdrv - ok
22:43:04.0872 2456	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:43:04.0883 2456	Mraid35x - ok
22:43:04.0932 2456	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:43:04.0981 2456	MRxDAV - ok
22:43:05.0021 2456	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:43:05.0046 2456	mrxsmb - ok
22:43:05.0082 2456	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:43:05.0123 2456	mrxsmb10 - ok
22:43:05.0133 2456	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:43:05.0159 2456	mrxsmb20 - ok
22:43:05.0204 2456	msahci          (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
22:43:05.0216 2456	msahci - ok
22:43:05.0261 2456	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:43:05.0272 2456	msdsm - ok
22:43:05.0309 2456	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:43:05.0356 2456	Msfs - ok
22:43:05.0384 2456	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:43:05.0395 2456	msisadrv - ok
22:43:05.0430 2456	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:43:05.0477 2456	MSKSSRV - ok
22:43:05.0512 2456	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:43:05.0560 2456	MSPCLOCK - ok
22:43:05.0591 2456	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:43:05.0638 2456	MSPQM - ok
22:43:05.0687 2456	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:43:05.0704 2456	MsRPC - ok
22:43:05.0723 2456	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:43:05.0733 2456	mssmbios - ok
22:43:05.0756 2456	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:43:05.0804 2456	MSTEE - ok
22:43:05.0836 2456	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:43:05.0848 2456	Mup - ok
22:43:05.0928 2456	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:43:05.0966 2456	NativeWifiP - ok
22:43:06.0014 2456	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:43:06.0050 2456	NDIS - ok
22:43:06.0080 2456	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:43:06.0122 2456	NdisTapi - ok
22:43:06.0147 2456	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:43:06.0203 2456	Ndisuio - ok
22:43:06.0238 2456	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:43:06.0288 2456	NdisWan - ok
22:43:06.0320 2456	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:43:06.0359 2456	NDProxy - ok
22:43:06.0389 2456	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:43:06.0443 2456	NetBIOS - ok
22:43:06.0489 2456	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:43:06.0541 2456	netbt - ok
22:43:06.0595 2456	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:43:06.0605 2456	nfrd960 - ok
22:43:06.0642 2456	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:43:06.0688 2456	Npfs - ok
22:43:06.0700 2456	NPPTNT2 - ok
22:43:06.0757 2456	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:43:06.0812 2456	nsiproxy - ok
22:43:06.0886 2456	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:43:06.0964 2456	Ntfs - ok
22:43:06.0993 2456	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:43:07.0040 2456	Null - ok
22:43:07.0102 2456	NVENETFD        (e132423e77fdcd11880bab7a8dbac8aa) C:\Windows\system32\DRIVERS\nvmfdx64.sys
22:43:07.0179 2456	NVENETFD - ok
22:43:07.0446 2456	nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:43:08.0259 2456	nvlddmkm - ok
22:43:08.0359 2456	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:43:08.0370 2456	nvraid - ok
22:43:08.0420 2456	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:43:08.0431 2456	nvstor - ok
22:43:08.0470 2456	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:43:08.0482 2456	nv_agp - ok
22:43:08.0498 2456	NwlnkFlt - ok
22:43:08.0513 2456	NwlnkFwd - ok
22:43:08.0550 2456	ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
22:43:08.0602 2456	ohci1394 - ok
22:43:08.0637 2456	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:43:08.0694 2456	Parport - ok
22:43:08.0735 2456	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:43:08.0749 2456	partmgr - ok
22:43:08.0772 2456	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:43:08.0785 2456	pci - ok
22:43:08.0800 2456	pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
22:43:08.0812 2456	pciide - ok
22:43:08.0849 2456	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:43:08.0861 2456	pcmcia - ok
22:43:08.0897 2456	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:43:08.0995 2456	PEAUTH - ok
22:43:09.0095 2456	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:43:09.0140 2456	PptpMiniport - ok
22:43:09.0186 2456	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:43:09.0247 2456	Processor - ok
22:43:09.0297 2456	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:43:09.0323 2456	PSched - ok
22:43:09.0369 2456	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:43:09.0441 2456	ql2300 - ok
22:43:09.0466 2456	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:43:09.0478 2456	ql40xx - ok
22:43:09.0521 2456	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:43:09.0561 2456	QWAVEdrv - ok
22:43:09.0573 2456	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:43:09.0622 2456	RasAcd - ok
22:43:09.0671 2456	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:43:09.0714 2456	Rasl2tp - ok
22:43:09.0760 2456	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:43:09.0801 2456	RasPppoe - ok
22:43:09.0841 2456	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:43:09.0871 2456	RasSstp - ok
22:43:09.0908 2456	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:43:09.0960 2456	rdbss - ok
22:43:09.0987 2456	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:43:10.0024 2456	RDPCDD - ok
22:43:10.0055 2456	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:43:10.0110 2456	rdpdr - ok
22:43:10.0139 2456	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:43:10.0192 2456	RDPENCDD - ok
22:43:10.0242 2456	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
22:43:10.0268 2456	RDPWD - ok
22:43:10.0310 2456	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:43:10.0343 2456	rspndr - ok
22:43:10.0367 2456	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:43:10.0380 2456	sbp2port - ok
22:43:10.0453 2456	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:43:10.0525 2456	secdrv - ok
22:43:10.0588 2456	Serenum         (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
22:43:10.0638 2456	Serenum - ok
22:43:10.0663 2456	Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
22:43:10.0717 2456	Serial - ok
22:43:10.0755 2456	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:43:10.0814 2456	sermouse - ok
22:43:10.0875 2456	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:43:10.0931 2456	sffdisk - ok
22:43:10.0960 2456	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:43:11.0019 2456	sffp_mmc - ok
22:43:11.0050 2456	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:43:11.0105 2456	sffp_sd - ok
22:43:11.0129 2456	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:43:11.0184 2456	sfloppy - ok
22:43:11.0285 2456	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:43:11.0295 2456	SiSRaid2 - ok
22:43:11.0326 2456	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:43:11.0345 2456	SiSRaid4 - ok
22:43:11.0423 2456	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:43:11.0485 2456	Smb - ok
22:43:11.0559 2456	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:43:11.0571 2456	spldr - ok
22:43:11.0858 2456	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:43:11.0942 2456	srv - ok
22:43:12.0350 2456	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:43:12.0410 2456	srv2 - ok
22:43:12.0524 2456	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:43:12.0539 2456	srvnet - ok
22:43:12.0591 2456	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:43:12.0603 2456	swenum - ok
22:43:12.0643 2456	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:43:12.0654 2456	Symc8xx - ok
22:43:12.0681 2456	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:43:12.0694 2456	Sym_hi - ok
22:43:12.0713 2456	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:43:12.0725 2456	Sym_u3 - ok
22:43:12.0809 2456	Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
22:43:12.0885 2456	Tcpip - ok
22:43:12.0931 2456	Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
22:43:12.0993 2456	Tcpip6 - ok
22:43:13.0027 2456	tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:43:13.0081 2456	tcpipreg - ok
22:43:13.0107 2456	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:43:13.0158 2456	TDPIPE - ok
22:43:13.0182 2456	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:43:13.0234 2456	TDTCP - ok
22:43:13.0285 2456	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:43:13.0339 2456	tdx - ok
22:43:13.0384 2456	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:43:13.0400 2456	TermDD - ok
22:43:13.0517 2456	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:43:13.0570 2456	tssecsrv - ok
22:43:13.0637 2456	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
22:43:13.0646 2456	TuneUpUtilitiesDrv - ok
22:43:13.0698 2456	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:43:13.0739 2456	tunmp - ok
22:43:13.0769 2456	tunnel          (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
22:43:13.0810 2456	tunnel - ok
22:43:13.0832 2456	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:43:13.0844 2456	uagp35 - ok
22:43:13.0883 2456	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:43:13.0933 2456	udfs - ok
22:43:13.0974 2456	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:43:13.0984 2456	uliagpkx - ok
22:43:14.0013 2456	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:43:14.0028 2456	uliahci - ok
22:43:14.0049 2456	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:43:14.0062 2456	UlSata - ok
22:43:14.0088 2456	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:43:14.0103 2456	ulsata2 - ok
22:43:14.0125 2456	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:43:14.0156 2456	umbus - ok
22:43:14.0208 2456	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:43:14.0244 2456	usbccgp - ok
22:43:14.0412 2456	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:43:14.0478 2456	usbcir - ok
22:43:14.0516 2456	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:43:14.0565 2456	usbehci - ok
22:43:14.0597 2456	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:43:14.0647 2456	usbhub - ok
22:43:14.0679 2456	usbohci         (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
22:43:14.0724 2456	usbohci - ok
22:43:14.0768 2456	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:43:14.0800 2456	usbprint - ok
22:43:14.0841 2456	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
22:43:14.0873 2456	usbscan - ok
22:43:14.0898 2456	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:43:14.0923 2456	USBSTOR - ok
22:43:14.0954 2456	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:43:14.0999 2456	usbuhci - ok
22:43:15.0045 2456	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:43:15.0097 2456	vga - ok
22:43:15.0122 2456	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:43:15.0175 2456	VgaSave - ok
22:43:15.0206 2456	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:43:15.0216 2456	viaide - ok
22:43:15.0242 2456	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:43:15.0254 2456	volmgr - ok
22:43:15.0293 2456	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:43:15.0312 2456	volmgrx - ok
22:43:15.0333 2456	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:43:15.0354 2456	volsnap - ok
22:43:15.0375 2456	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:43:15.0387 2456	vsmraid - ok
22:43:15.0417 2456	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:43:15.0486 2456	WacomPen - ok
22:43:15.0523 2456	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:15.0569 2456	Wanarp - ok
22:43:15.0575 2456	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:43:15.0603 2456	Wanarpv6 - ok
22:43:15.0634 2456	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:43:15.0650 2456	Wd - ok
22:43:15.0697 2456	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:43:15.0741 2456	Wdf01000 - ok
22:43:15.0865 2456	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:43:15.0904 2456	WmiAcpi - ok
22:43:15.0962 2456	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:43:16.0011 2456	ws2ifsl - ok
22:43:16.0063 2456	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:43:16.0096 2456	WUDFRd - ok
22:43:16.0135 2456	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:43:16.0274 2456	\Device\Harddisk0\DR0 - ok
22:43:16.0279 2456	Boot (0x1200)   (641c5de7720416d95b50aae721a89aa3) \Device\Harddisk0\DR0\Partition0
22:43:16.0280 2456	\Device\Harddisk0\DR0\Partition0 - ok
22:43:16.0305 2456	Boot (0x1200)   (70aad6f692094ec246c33c3eae269898) \Device\Harddisk0\DR0\Partition1
22:43:16.0305 2456	\Device\Harddisk0\DR0\Partition1 - ok
22:43:16.0306 2456	============================================================
22:43:16.0306 2456	Scan finished
22:43:16.0306 2456	============================================================
22:43:16.0331 0628	Detected object count: 0
22:43:16.0331 0628	Actual detected object count: 0
mfg Rainstorm

Alt 15.02.2012, 10:44   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Standard

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 1 von 2 1 2

Themen zu Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt
achtung, achtung!, anschluss, avira, center, computer, forum, frage, gesperrt, google, ihr computer wurde gesperrt, internet, modus, neustart, problem, quarantäne, rechner, runter, scan, security, storm, surfen, systemwiederherstellung, tastatur, tipps, windows, windows security center


« Trojanerbefall - TR/Agent.7120.1 - Löschen nicht möglich | Von meinem Rechner gehen wohl E-Mails mit Schadlinks ab - ein Viren-/Trojanerproblem? »


Ähnliche Themen: Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt


  1. Windows Security Center - Achtung! Ihr Computer wurde gesperrt!
    Log-Analyse und Auswertung - 19.04.2012 (41)
  2. Windows Security Center - Achtung Ihr Computer wurde gesperrt - 100€ zahlen
    Log-Analyse und Auswertung - 16.04.2012 (5)
  3. Achtung! Ihr Computer wurde gesperrt. Windows Security Center!?
    Log-Analyse und Auswertung - 02.04.2012 (21)
  4. Windows Security Center (100 euro zahlen) Achtung Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 14.03.2012 (1)
  5. Windows Security Center - Achtung! Ihr Computer wurde gesperrt! + 17 Viren
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (37)
  6. Windows Security Center Achtung! Ihr Computer wurde gesperrt!
    Log-Analyse und Auswertung - 21.02.2012 (18)
  7. Windows Security Center: Achtung Ihr Computer wurde gesperrt - mich hat es ebenfalls erwischt
    Plagegeister aller Art und deren Bekämpfung - 19.02.2012 (21)
  8. Achtung! Ihr Computer wurde gesperrt! Windows Security Center
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (9)
  9. Windows Security Center Achtung! Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 15.02.2012 (15)
  10. Security Center !Achtung! Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 10.02.2012 (31)
  11. Achtung Ihr Computer wurde gesperrt! Security Center
    Log-Analyse und Auswertung - 08.02.2012 (4)
  12. Windows Security Center...Achtung!Ihr Computer wurde gesperrt!100 € oder Daten werden gelöscht
    Log-Analyse und Auswertung - 07.02.2012 (5)
  13. windows 7, weißer Bildschirm, Meldung: windows security center, Achtung! Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 06.02.2012 (11)
  14. Windows Security Center - Achtung! Ihr Computer wurde gesperrt !
    Log-Analyse und Auswertung - 05.02.2012 (1)
  15. Windows Security Center: Achtung! Computer gesperrt - mich hat's auch erwischt
    Log-Analyse und Auswertung - 05.02.2012 (3)
  16. Security Center - Achtung Ihr Computer wurde gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 03.02.2012 (1)
  17. Security Center !Achtung! Ihr Computer wurde gesperrt
    Log-Analyse und Auswertung - 02.02.2012 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt - Hallo an alle, über Google stolperte ich über euer Forum nachdem mein Rechner auch das "Windows Security Center Achtung! Ihr Computer wurde gesperrt " hatte. War gestern als das Problem - Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt...
Archiv
Du betrachtest: Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129