Trojaner-Board


jk_hamburg 28.09.2011 11:31

BKA Trojan
 
Hello,

as already stated in the title, I have the BKA Trojan on a laptop. I have already looked around the forum here a little. I downloaded OTLPENet and created a CD with it; I then managed to boot the laptop and ran a scan with OTL.

Here are the scans:

OTL.txt
Code:

OTL logfile created on: 9/27/2011 8:57:11 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.41 Gb Total Space | 184.47 Gb Free Space | 66.98% Space Free | Partition Type: NTFS
Drive D: | 22.66 Gb Total Space | 12.51 Gb Free Space | 55.20% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008/10/24 08:54:32 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/24 08:54:30 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/07/22 04:20:57 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/02 06:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/10/03 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/11 09:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2009/05/27 13:46:02 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 13:45:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 13:45:54 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/07/10 23:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/12 21:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/08/30 14:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/01 04:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007/05/25 03:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/25 03:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anika_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Anika_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\Anika_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anika_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 14:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 04:34:14 | 000,000,000 | ---D | M]
 
[2008/09/12 12:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\Mozilla\Extensions
[2011/04/21 08:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions
[2009/09/14 10:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/16 10:09:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/16 10:07:54 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009/11/06 05:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/16 18:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\conduit.xml
[2009/03/15 09:16:17 | 000,001,632 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\live-search.xml
[2010/09/02 17:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/02 17:19:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/10/23 09:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/08/01 06:23:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/08/01 06:23:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/08/01 06:23:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/08/01 06:23:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/08/01 06:23:22 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtrlVol]  File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Anika_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - ("Explorer.exe") - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe ()
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTART.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/27 02:34:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/27 20:48:23 | 000,000,186 | ---- | M] () -- C:\RECOVER (D).lnk
[2011/09/27 13:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 13:38:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 13:38:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 13:38:44 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/27 13:38:41 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 13:38:25 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 11:23:51 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/09/27 11:23:51 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/27 11:23:51 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/09/27 11:23:51 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/27 11:15:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 01:49:31 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/27 01:42:30 | 000,367,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011/09/27 20:48:23 | 000,000,186 | ---- | C] () -- C:\RECOVER (D).lnk
[2011/09/27 13:38:25 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/15 16:05:51 | 000,000,066 | ---- | C] () -- C:\Users\Anika\AppData\default.pls
[2011/01/05 15:02:43 | 000,000,680 | ---- | C] () -- C:\Users\Anika\AppData\Local\d3d9caps.dat
[2010/09/02 17:21:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 12:59:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 12:59:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 12:58:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/16 14:35:41 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/16 14:25:09 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/03 13:33:23 | 000,018,944 | ---- | C] () -- C:\Users\Anika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 15:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\Default.PLS
[2008/10/05 07:39:51 | 000,000,626 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\wklnhst.dat
[2008/07/17 08:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008/07/17 07:56:03 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/07/17 07:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/07/17 07:56:03 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/07/17 07:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/07/17 05:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008/07/17 03:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/17 02:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/07/14 05:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/29 16:56:14 | 000,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008/05/29 16:56:13 | 002,678,080 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008/05/29 16:56:04 | 000,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008/05/29 16:56:02 | 002,504,975 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008/05/29 16:55:44 | 000,052,152 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008/05/29 16:55:43 | 001,209,478 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008/05/29 16:55:39 | 000,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008/05/29 16:55:38 | 001,395,007 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008/05/29 16:55:32 | 000,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008/05/29 16:55:31 | 001,046,365 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008/05/29 16:55:31 | 000,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008/05/29 16:55:26 | 002,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008/05/29 16:55:19 | 000,305,784 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008/05/29 16:55:13 | 004,249,333 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008/05/29 16:55:02 | 028,871,584 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008/05/29 16:51:04 | 018,634,513 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008/05/29 16:50:07 | 016,503,595 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008/05/29 16:49:16 | 009,117,929 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008/05/29 16:48:55 | 003,861,568 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008/05/29 16:48:42 | 015,099,632 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008/05/29 16:48:11 | 004,871,833 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008/05/29 16:47:53 | 001,912,368 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008/05/29 16:47:46 | 000,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008/05/29 16:47:43 | 004,376,576 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2008/05/29 16:47:43 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008/02/08 16:33:18 | 000,323,584 | ---- | C] () -- C:\Program Files\setup.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,367,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/11/04 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener
[2010/08/16 10:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/04 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner
[2009/07/08 06:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org
[2008/10/05 07:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template
[2010/07/08 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/07/17 08:50:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2010/11/08 09:09:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/07/17 08:52:51 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/07/17 09:49:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/03 17:03:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2010/08/25 15:03:00 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/07/17 09:47:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/04/27 13:40:11 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Extra.txt
Code:

OTL Extras logfile created on: 9/27/2011 8:57:11 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.41 Gb Total Space | 184.47 Gb Free Space | 66.98% Space Free | Partition Type: NTFS
Drive D: | 22.66 Gb Total Space | 12.51 Gb Free Space | 55.20% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A787B327-ABF4-4655-8FC3-01F65FB68880}_is1" = Vortest 7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EXMARaLDA_is1" = EXMARaLDA 1.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LetsTrade" = LetsTrade Komponenten
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
< End of report >

I hope you can help me.

Regards

Jan

cosinus 29.09.2011 10:08

Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anika_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Anika_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2010/08/16 10:09:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/16 10:07:54 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTART.EXE
:Files
C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe
:Commands
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

After that, Windows should start normally again. Please make the OTL quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know if it was successful
5.) Only then switch the virus scanner back on

jk_hamburg 29.09.2011 12:42

Hello Arne,

I have now run your "fix". I think everything worked so far; Windows starts normally again. I have also already successfully uploaded the requested files, i.e. the ZIP file. Here is the log file:

Code:

========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\tbDVDV.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files\softonic-de3\tbsoft.dll moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Prefs.js: "Live Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_USERS\Anika_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe deleted successfully.
C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found.
File E:\AUTOSTART.EXE not found.
========== FILES ==========
File\Folder C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 09292011_161836

Files\Folders moved on Reboot...
File\Folder X:\AUTORUN.INF not found!

Registry entries deleted on Reboot...

Thanks again for the help!!!



Regards, Jan

cosinus 29.09.2011 13:13

As a routine step, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!


After that, please also run ESET; then we will see how to proceed.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


jk_hamburg 29.09.2011 19:27

So, I have now scanned with Malwarebytes as well as with the online scanner.

Here are the log files:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7827

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.09.2011 16:53:53
mbam-log-2011-09-29 (16-53-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 338439
Laufzeit: 1 Stunde(n), 45 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-29 06:17:19
# local_time=2011-09-29 08:17:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8291 8291 0 0
# compatibility_mode=5892 16776638 100 100 13479850 154842122 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=170824
# found=2
# cleaned=0
# scan_time=10845
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\09292011_161836\C_Users\Anika\AppData\Local\Temp\0.6105569158567732.exe        a variant of Win32/Injector.GAW trojan (unable to clean)        00000000000000000000000000000000        I


I hope you can help me further.

Thanks in advance

Regards

Jan
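
The O20 Winlogon Shell entry in the fix script earlier in this thread points at the same Temp file that the ESET log above reports as Win32/Injector.GAW. The following triage script is an added example, not part of the thread and not OTL's own code: it flags O20 Shell/UserInit lines in OTL log format, and the function name, the heuristics and all sample lines except the thread's own O20 entry are assumptions.

```python
import ntpath
import re

# Sample input in OTL log format. The second line is the O20 entry from the
# fix script in this thread; the other two are constructed for contrast.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - "
    r"(?P<path>.*?) \((?P<company>[^()]*)\)\s*$"
)

# Binaries normally referenced by these Winlogon values (assumed baseline).
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Path fragments that indicate a location a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\application data\\", "\\local settings\\")


def triage_winlogon(log_text):
    """Return O20 Shell/UserInit entries that deviate from the baseline.

    Each finding lists the reasons it was flagged; this is a triage
    heuristic for a human reviewer, not a malware verdict.
    """
    findings = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if not m:
            continue
        value = m["value"].lower()
        if value not in EXPECTED:
            continue
        # Userinit data is often stored with a trailing comma.
        path = m["path"].strip().rstrip(",")
        reasons = []
        if ntpath.basename(path).lower() != EXPECTED[value]:
            reasons.append("unexpected binary")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("user-writable path")
        if m["hive"].upper().startswith(("HKU", "HKCU")):
            reasons.append("per-user hive")
        if not m["company"].strip():
            reasons.append("no company name")
        if reasons:
            findings.append(
                {"hive": m["hive"], "value": m["value"], "path": path, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in triage_winlogon(SAMPLE_LOG):
        print(finding["hive"], finding["value"], finding["path"])
        print("  flagged for:", ", ".join(finding["reasons"]))
```
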

cosinus 29.09.2011 19:32

Custom scan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


jk_hamburg 29.09.2011 20:19

That was a quick reply. I have now done everything as described.

Here is the log.txt

OTL logfile:
Code:

OTL logfile created on: 29.09.2011 20:48:02 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Anika\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 47,21% Memory free
6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 185,13 Gb Free Space | 67,22% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,51 Gb Free Space | 55,20% Space Free | Partition Type: FAT32
 
Computer Name: ANIKA-PC | User Name: Anika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.29 20:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
PRC - [2011.09.09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2011.09.08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2010.08.01 12:23:20 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.07.22 10:20:56 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007.11.02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 12:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008.07.22 10:20:57 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.07.11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.07.11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.06.25 13:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1806
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011.09.29 15:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.09.29 15:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.25 20:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 10:34:14 | 000,000,000 | ---D | M]
 
[2008.09.12 18:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\mozilla\Extensions
[2011.09.29 15:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions
[2009.09.14 16:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.06 11:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.17 00:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\conduit.xml
[2009.03.15 15:16:17 | 000,001,632 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\live-search.xml
[2010.09.02 23:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.02 23:19:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.09.29 15:00:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX
[2008.10.05 14:15:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009.07.07 17:35:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.08.01 12:23:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 12:23:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.01 12:23:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.01 12:23:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.01 12:23:22 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.09.29 22:18:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - ("Explorer.exe") -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anika\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anika\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.29 22:18:45 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.09.29 22:18:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.29 20:44:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
[2011.09.29 17:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.29 16:12:37 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.09.29 15:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011.09.29 15:02:18 | 000,000,000 | ---D | C] -- C:\Users\Anika\AppData\Roaming\AVG2012
[2011.09.29 15:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011.09.29 14:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011.09.29 14:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.09.29 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.09.29 14:53:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.09.29 14:53:16 | 000,000,000 | ---D | C] -- C:\Users\Anika\AppData\Roaming\Malwarebytes
[2011.09.29 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.29 14:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.29 14:53:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.29 14:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.29 14:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.09.27 08:34:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.29 20:55:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.29 20:55:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.29 20:45:49 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.29 20:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
[2011.09.29 20:35:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.29 19:36:12 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.09.29 19:35:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.29 15:03:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.29 15:03:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.29 15:03:42 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.29 15:03:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.29 15:03:35 | 105,314,671 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.09.29 15:01:33 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.09.29 14:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.29 14:54:58 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.29 14:53:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.28 02:48:23 | 000,000,186 | ---- | M] () -- C:\RECOVER (D).lnk
[2011.09.27 07:49:31 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.27 07:42:30 | 000,367,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.09.29 16:22:59 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.29 15:03:35 | 105,314,671 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.09.29 15:01:33 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.09.29 14:53:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.28 02:48:23 | 000,000,186 | ---- | C] () -- C:\RECOVER (D).lnk
[2011.01.05 21:02:43 | 000,000,680 | ---- | C] () -- C:\Users\Anika\AppData\Local\d3d9caps.dat
[2010.09.02 23:21:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.20 18:59:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 18:59:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.20 18:58:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.16 20:35:41 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.16 20:25:09 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.03 19:33:23 | 000,018,944 | ---- | C] () -- C:\Users\Anika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 21:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\Default.PLS
[2008.10.05 13:39:51 | 000,000,626 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\wklnhst.dat
[2008.07.17 14:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.07.17 13:56:03 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.17 13:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.17 13:56:03 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.17 13:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.17 11:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.07.17 09:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.07.17 08:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.07.14 11:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.05.29 22:56:14 | 000,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008.05.29 22:56:13 | 002,678,080 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008.05.29 22:56:04 | 000,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008.05.29 22:56:02 | 002,504,975 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008.05.29 22:55:44 | 000,052,152 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008.05.29 22:55:43 | 001,209,478 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008.05.29 22:55:39 | 000,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008.05.29 22:55:38 | 001,395,007 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008.05.29 22:55:32 | 000,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008.05.29 22:55:31 | 001,046,365 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008.05.29 22:55:31 | 000,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008.05.29 22:55:26 | 002,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008.05.29 22:55:19 | 000,305,784 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008.05.29 22:55:13 | 004,249,333 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008.05.29 22:55:02 | 028,871,584 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008.05.29 22:51:04 | 018,634,513 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008.05.29 22:50:07 | 016,503,595 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008.05.29 22:49:16 | 009,117,929 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008.05.29 22:48:55 | 003,861,568 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008.05.29 22:48:42 | 015,099,632 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008.05.29 22:48:11 | 004,871,833 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008.05.29 22:47:53 | 001,912,368 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008.05.29 22:47:46 | 000,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008.05.29 22:47:43 | 004,376,576 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2008.05.29 22:47:43 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008.02.08 22:33:18 | 000,323,584 | ---- | C] () -- C:\Program Files\setup.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,367,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.09.29 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\AVG2012
[2010.11.05 01:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener
[2010.08.16 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.05 01:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner
[2009.07.08 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org
[2008.10.05 13:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template
[2010.07.09 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems
[2011.09.29 14:54:00 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.09.07 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Adobe
[2010.08.26 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Apple Computer
[2011.09.29 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\AVG2012
[2010.08.17 00:35:54 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\CyberLink
[2010.11.05 01:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener
[2010.08.16 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.05 01:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner
[2008.09.07 18:12:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Google
[2008.09.05 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Identities
[2008.09.07 18:24:50 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Macromedia
[2011.09.29 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Media Center Programs
[2011.09.29 13:50:34 | 000,000,000 | --SD | M] -- C:\Users\Anika\AppData\Roaming\Microsoft
[2008.09.12 18:49:34 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Mozilla
[2009.02.03 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Nero
[2009.02.03 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\NeroDigital™
[2009.07.08 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org
[2009.07.08 11:55:29 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org2
[2011.09.29 14:58:17 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Skype
[2011.09.29 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\skypePM
[2008.10.05 13:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template
[2010.07.09 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems
 
< %APPDATA%\*.exe /s >
[2011.03.13 15:41:22 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Anika\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.09.23 17:37:30 | 000,022,352 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2009.09.23 17:37:30 | 000,034,112 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<          >

< End of report >


cosinus 29.09.2011 20:21

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

jk_hamburg 30.09.2011 09:54

So, I have now run the scan with the Kaspersky TDSSKiller.

Here is the result:

Code:

10:18:49.0611 6000        TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
10:18:49.0783 6000        ============================================================
10:18:49.0783 6000        Current date / time: 2011/09/30 10:18:49.0783
10:18:49.0783 6000        SystemInfo:
10:18:49.0783 6000       
10:18:49.0783 6000        OS Version: 6.0.6002 ServicePack: 2.0
10:18:49.0783 6000        Product type: Workstation
10:18:49.0783 6000        ComputerName: ANIKA-PC
10:18:49.0783 6000        UserName: Anika
10:18:49.0783 6000        Windows directory: C:\Windows
10:18:49.0783 6000        System windows directory: C:\Windows
10:18:49.0783 6000        Processor architecture: Intel x86
10:18:49.0783 6000        Number of processors: 2
10:18:49.0783 6000        Page size: 0x1000
10:18:49.0783 6000        Boot type: Normal boot
10:18:49.0783 6000        ============================================================
10:18:50.0345 6000        Initialize success
10:18:58.0441 5464        ============================================================
10:18:58.0441 5464        Scan started
10:18:58.0441 5464        Mode: Manual; SigCheck; TDLFS;
10:18:58.0441 5464        ============================================================
10:18:59.0221 5464        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:18:59.0564 5464        ACPI - ok
10:18:59.0705 5464        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:18:59.0892 5464        adp94xx - ok
10:19:00.0141 5464        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:19:00.0297 5464        adpahci - ok
10:19:00.0609 5464        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:19:00.0641 5464        adpu160m - ok
10:19:00.0875 5464        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:19:00.0890 5464        adpu320 - ok
10:19:01.0187 5464        AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
10:19:01.0467 5464        AFD - ok
10:19:01.0842 5464        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:19:01.0873 5464        agp440 - ok
10:19:02.0232 5464        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:19:02.0263 5464        aic78xx - ok
10:19:02.0450 5464        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:19:02.0466 5464        aliide - ok
10:19:02.0793 5464        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:19:02.0809 5464        amdagp - ok
10:19:02.0981 5464        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:19:03.0012 5464        amdide - ok
10:19:03.0651 5464        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:19:04.0447 5464        AmdK7 - ok
10:19:04.0650 5464        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:19:04.0806 5464        AmdK8 - ok
10:19:05.0071 5464        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:19:05.0087 5464        arc - ok
10:19:05.0570 5464        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:19:05.0586 5464        arcsas - ok
10:19:05.0757 5464        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:19:05.0804 5464        AsyncMac - ok
10:19:05.0976 5464        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:19:05.0991 5464        atapi - ok
10:19:06.0163 5464        ATSWPDRV        (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
10:19:06.0241 5464        ATSWPDRV - ok
10:19:06.0631 5464        AVGIDSDriver    (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:19:06.0662 5464        AVGIDSDriver - ok
10:19:07.0037 5464        AVGIDSEH        (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:19:07.0068 5464        AVGIDSEH - ok
10:19:07.0317 5464        AVGIDSFilter    (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:19:07.0333 5464        AVGIDSFilter - ok
10:19:07.0614 5464        AVGIDSShim      (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
10:19:07.0629 5464        AVGIDSShim - ok
10:19:07.0879 5464        Avgldx86        (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
10:19:07.0895 5464        Avgldx86 - ok
10:19:08.0394 5464        Avgmfx86        (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:19:08.0409 5464        Avgmfx86 - ok
10:19:08.0612 5464        Avgrkx86        (4def59ff7d09b9ce59739102b49fd526) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:19:08.0628 5464        Avgrkx86 - ok
10:19:10.0188 5464        Avgtdix        (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
10:19:10.0219 5464        Avgtdix - ok
10:19:10.0453 5464        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:19:10.0562 5464        Beep - ok
10:19:10.0749 5464        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:19:10.0843 5464        blbdrive - ok
10:19:11.0030 5464        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:19:11.0139 5464        bowser - ok
10:19:11.0373 5464        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:19:11.0436 5464        BrFiltLo - ok
10:19:11.0592 5464        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:19:11.0654 5464        BrFiltUp - ok
10:19:11.0904 5464        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:19:12.0107 5464        Brserid - ok
10:19:12.0247 5464        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:19:12.0356 5464        BrSerWdm - ok
10:19:12.0497 5464        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:19:12.0606 5464        BrUsbMdm - ok
10:19:12.0824 5464        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:19:12.0918 5464        BrUsbSer - ok
10:19:13.0089 5464        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:19:13.0230 5464        BTHMODEM - ok
10:19:13.0495 5464        Cam5607        (48f64a84054771b2fef55606adf57557) C:\Windows\system32\Drivers\BisonC07.sys
10:19:13.0557 5464        Cam5607 - ok
10:19:13.0651 5464        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:19:13.0713 5464        cdfs - ok
10:19:13.0838 5464        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:19:13.0916 5464        cdrom - ok
10:19:14.0103 5464        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:19:14.0166 5464        circlass - ok
10:19:14.0322 5464        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:19:14.0353 5464        CLFS - ok
10:19:14.0447 5464        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:19:14.0509 5464        CmBatt - ok
10:19:14.0556 5464        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:19:14.0587 5464        cmdide - ok
10:19:14.0618 5464        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:19:14.0634 5464        Compbatt - ok
10:19:14.0649 5464        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:19:14.0681 5464        crcdisk - ok
10:19:14.0852 5464        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:19:14.0930 5464        Crusoe - ok
10:19:15.0164 5464        DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
10:19:15.0211 5464        DfsC - ok
10:19:15.0289 5464        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:19:15.0320 5464        disk - ok
10:19:15.0398 5464        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:19:15.0476 5464        drmkaud - ok
10:19:15.0570 5464        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:19:15.0617 5464        DXGKrnl - ok
10:19:15.0663 5464        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:19:15.0726 5464        E1G60 - ok
10:19:15.0835 5464        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:19:15.0851 5464        Ecache - ok
10:19:16.0038 5464        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:19:16.0116 5464        elxstor - ok
10:19:16.0319 5464        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:19:16.0397 5464        ErrDev - ok
10:19:16.0584 5464        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:19:16.0677 5464        exfat - ok
10:19:16.0787 5464        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:19:16.0849 5464        fastfat - ok
10:19:16.0896 5464        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:19:16.0958 5464        fdc - ok
10:19:17.0005 5464        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:19:17.0036 5464        FileInfo - ok
10:19:17.0099 5464        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:19:17.0177 5464        Filetrace - ok
10:19:17.0208 5464        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:19:17.0286 5464        flpydisk - ok
10:19:17.0364 5464        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:19:17.0395 5464        FltMgr - ok
10:19:17.0598 5464        fssfltr        (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
10:19:17.0613 5464        fssfltr - ok
10:19:17.0754 5464        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:19:17.0801 5464        Fs_Rec - ok
10:19:17.0910 5464        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:19:17.0941 5464        gagp30kx - ok
10:19:18.0019 5464        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:19:18.0035 5464        GEARAspiWDM - ok
10:19:18.0331 5464        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:19:18.0456 5464        HdAudAddService - ok
10:19:18.0659 5464        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:19:18.0768 5464        HDAudBus - ok
10:19:18.0893 5464        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:19:18.0986 5464        HidBth - ok
10:19:19.0033 5464        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:19:19.0158 5464        HidIr - ok
10:19:19.0236 5464        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:19:19.0283 5464        HidUsb - ok
10:19:19.0361 5464        Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
10:19:19.0392 5464        Hotkey ( UnsignedFile.Multi.Generic ) - warning
10:19:19.0392 5464        Hotkey - detected UnsignedFile.Multi.Generic (1)
10:19:19.0485 5464        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:19:19.0517 5464        HpCISSs - ok
10:19:19.0595 5464        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:19:19.0688 5464        HTTP - ok
10:19:19.0782 5464        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:19:19.0813 5464        i2omp - ok
10:19:20.0031 5464        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:19:20.0094 5464        i8042prt - ok
10:19:20.0265 5464        iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
10:19:20.0297 5464        iaStor - ok
10:19:20.0468 5464        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:19:20.0484 5464        iaStorV - ok
10:19:20.0624 5464        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:19:20.0640 5464        iirsp - ok
10:19:20.0921 5464        IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
10:19:21.0404 5464        IntcAzAudAddService - ok
10:19:21.0560 5464        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:19:21.0591 5464        intelide - ok
10:19:21.0747 5464        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:19:21.0794 5464        intelppm - ok
10:19:21.0950 5464        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:19:22.0044 5464        IpFilterDriver - ok
10:19:22.0169 5464        IpInIp - ok
10:19:22.0371 5464        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:19:22.0434 5464        IPMIDRV - ok
10:19:22.0637 5464        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:19:22.0683 5464        IPNAT - ok
10:19:22.0886 5464        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:19:22.0933 5464        IRENUM - ok
10:19:23.0198 5464        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:19:23.0229 5464        isapnp - ok
10:19:23.0417 5464        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:19:23.0448 5464        iScsiPrt - ok
10:19:23.0869 5464        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:19:23.0885 5464        iteatapi - ok
10:19:24.0056 5464        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:19:24.0087 5464        iteraid - ok
10:19:24.0197 5464        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:19:24.0212 5464        kbdclass - ok
10:19:24.0368 5464        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
10:19:24.0446 5464        kbdhid - ok
10:19:24.0774 5464        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:19:24.0867 5464        KSecDD - ok
10:19:25.0023 5464        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:19:25.0101 5464        lltdio - ok
10:19:25.0257 5464        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:19:25.0289 5464        LSI_FC - ok
10:19:25.0351 5464        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:19:25.0367 5464        LSI_SAS - ok
10:19:25.0398 5464        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:19:25.0429 5464        LSI_SCSI - ok
10:19:25.0476 5464        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:19:25.0538 5464        luafv - ok
10:19:25.0694 5464        MBAMProtector  (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
10:19:25.0725 5464        MBAMProtector - ok
10:19:25.0850 5464        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:19:25.0881 5464        megasas - ok
10:19:25.0959 5464        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:19:26.0006 5464        MegaSR - ok
10:19:26.0053 5464        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:19:26.0115 5464        Modem - ok
10:19:26.0147 5464        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:19:26.0209 5464        monitor - ok
10:19:26.0240 5464        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:19:26.0271 5464        mouclass - ok
10:19:26.0303 5464        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:19:26.0365 5464        mouhid - ok
10:19:26.0412 5464        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:19:26.0443 5464        MountMgr - ok
10:19:26.0474 5464        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:19:26.0505 5464        mpio - ok
10:19:26.0552 5464        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:19:26.0630 5464        mpsdrv - ok
10:19:26.0739 5464        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:19:26.0755 5464        Mraid35x - ok
10:19:26.0849 5464        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:19:26.0927 5464        MRxDAV - ok
10:19:26.0973 5464        mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:19:27.0036 5464        mrxsmb - ok
10:19:27.0083 5464        mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:19:27.0161 5464        mrxsmb10 - ok
10:19:27.0192 5464        mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:19:27.0223 5464        mrxsmb20 - ok
10:19:27.0270 5464        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
10:19:27.0301 5464        msahci - ok
10:19:27.0348 5464        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:19:27.0379 5464        msdsm - ok
10:19:27.0410 5464        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:19:27.0473 5464        Msfs - ok
10:19:27.0504 5464        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:19:27.0535 5464        msisadrv - ok
10:19:27.0566 5464        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:19:27.0629 5464        MSKSSRV - ok
10:19:27.0660 5464        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:19:27.0722 5464        MSPCLOCK - ok
10:19:27.0769 5464        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:19:27.0831 5464        MSPQM - ok
10:19:27.0894 5464        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:19:27.0925 5464        MsRPC - ok
10:19:27.0972 5464        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:19:28.0034 5464        mssmbios - ok
10:19:28.0065 5464        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:19:28.0112 5464        MSTEE - ok
10:19:28.0159 5464        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:19:28.0206 5464        Mup - ok
10:19:28.0268 5464        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:19:28.0299 5464        NativeWifiP - ok
10:19:28.0393 5464        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:19:28.0455 5464        NDIS - ok
10:19:28.0611 5464        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:19:28.0689 5464        NdisTapi - ok
10:19:28.0939 5464        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:19:29.0001 5464        Ndisuio - ok
10:19:29.0173 5464        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:19:29.0220 5464        NdisWan - ok
10:19:29.0298 5464        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:19:29.0376 5464        NDProxy - ok
10:19:29.0423 5464        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:19:29.0501 5464        NetBIOS - ok
10:19:29.0594 5464        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:19:29.0657 5464        netbt - ok
10:19:29.0797 5464        NETw4v32        (4547b8aedd8119fcc127fdc7f282e983) C:\Windows\system32\DRIVERS\NETw4v32.sys
10:19:30.0015 5464        NETw4v32 - ok
10:19:30.0140 5464        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:19:30.0156 5464        nfrd960 - ok
10:19:30.0265 5464        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:19:30.0343 5464        Npfs - ok
10:19:30.0421 5464        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:19:30.0483 5464        nsiproxy - ok
10:19:30.0577 5464        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:19:30.0749 5464        Ntfs - ok
10:19:30.0873 5464        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:19:30.0967 5464        ntrigdigi - ok
10:19:31.0014 5464        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:19:31.0170 5464        Null - ok
10:19:31.0451 5464        nvlddmkm        (b0cc8b78a9f0c6d9c8909b9bf874a4de) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:19:32.0043 5464        nvlddmkm - ok
10:19:32.0184 5464        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:19:32.0199 5464        nvraid - ok
10:19:32.0262 5464        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:19:32.0293 5464        nvstor - ok
10:19:32.0340 5464        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:19:32.0371 5464        nv_agp - ok
10:19:32.0402 5464        NwlnkFlt - ok
10:19:32.0418 5464        NwlnkFwd - ok
10:19:32.0496 5464        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:19:32.0605 5464        ohci1394 - ok
10:19:32.0699 5464        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:19:32.0855 5464        Parport - ok
10:19:32.0933 5464        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:19:32.0964 5464        partmgr - ok
10:19:33.0026 5464        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:19:33.0135 5464        Parvdm - ok
10:19:33.0198 5464        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:19:33.0229 5464        pci - ok
10:19:33.0401 5464        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:19:33.0416 5464        pciide - ok
10:19:33.0463 5464        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:19:33.0479 5464        pcmcia - ok
10:19:33.0572 5464        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:19:33.0697 5464        PEAUTH - ok
10:19:33.0791 5464        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:19:33.0900 5464        PptpMiniport - ok
10:19:33.0931 5464        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:19:33.0993 5464        Processor - ok
10:19:34.0040 5464        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:19:34.0118 5464        PSched - ok
10:19:34.0196 5464        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:19:34.0493 5464        ql2300 - ok
10:19:34.0586 5464        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:19:34.0633 5464        ql40xx - ok
10:19:34.0664 5464        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:19:34.0742 5464        QWAVEdrv - ok
10:19:34.0773 5464        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:19:34.0836 5464        RasAcd - ok
10:19:34.0929 5464        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:19:35.0023 5464        Rasl2tp - ok
10:19:35.0085 5464        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:19:35.0148 5464        RasPppoe - ok
10:19:35.0179 5464        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:19:35.0226 5464        RasSstp - ok
10:19:35.0288 5464        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:19:35.0335 5464        rdbss - ok
10:19:35.0397 5464        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:19:35.0475 5464        RDPCDD - ok
10:19:35.0569 5464        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:19:35.0631 5464        rdpdr - ok
10:19:35.0772 5464        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:19:35.0834 5464        RDPENCDD - ok
10:19:36.0131 5464        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:19:36.0209 5464        RDPWD - ok
10:19:36.0411 5464        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:19:36.0505 5464        rspndr - ok
10:19:36.0583 5464        RTL8169        (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:19:36.0661 5464        RTL8169 - ok
10:19:36.0755 5464        RTSTOR          (0d1c1b0de2819fe1ea25098183130b64) C:\Windows\system32\drivers\RTSTOR.SYS
10:19:36.0801 5464        RTSTOR - ok
10:19:36.0911 5464        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:19:36.0942 5464        sbp2port - ok
10:19:37.0004 5464        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:19:37.0098 5464        secdrv - ok
10:19:37.0176 5464        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:19:37.0269 5464        Serenum - ok
10:19:37.0332 5464        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:19:37.0441 5464        Serial - ok
10:19:37.0472 5464        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:19:37.0566 5464        sermouse - ok
10:19:37.0628 5464        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:19:37.0691 5464        sffdisk - ok
10:19:37.0722 5464        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:19:37.0800 5464        sffp_mmc - ok
10:19:37.0831 5464        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:19:37.0909 5464        sffp_sd - ok
10:19:38.0018 5464        sfloppy        (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
10:19:38.0081 5464        sfloppy - ok
10:19:38.0268 5464        Si3531          (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys
10:19:38.0283 5464        Si3531 - ok
10:19:38.0330 5464        SiFilter        (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys
10:19:38.0346 5464        SiFilter - ok
10:19:38.0361 5464        SiRemFil        (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys
10:19:38.0377 5464        SiRemFil - ok
10:19:38.0408 5464        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:19:38.0439 5464        sisagp - ok
10:19:38.0502 5464        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:19:38.0517 5464        SiSRaid2 - ok
10:19:38.0611 5464        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:19:38.0642 5464        SiSRaid4 - ok
10:19:39.0032 5464        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:19:39.0157 5464        Smb - ok
10:19:39.0297 5464        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:19:39.0313 5464        spldr - ok
10:19:39.0563 5464        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:19:39.0656 5464        srv - ok
10:19:39.0859 5464        srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
10:19:39.0921 5464        srv2 - ok
10:19:40.0031 5464        srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
10:19:40.0062 5464        srvnet - ok
10:19:40.0155 5464        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:19:40.0187 5464        swenum - ok
10:19:40.0249 5464        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:19:40.0280 5464        Symc8xx - ok
10:19:40.0343 5464        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:19:40.0374 5464        Sym_hi - ok
10:19:40.0421 5464        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:19:40.0467 5464        Sym_u3 - ok
10:19:40.0514 5464        SynTP          (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys
10:19:40.0545 5464        SynTP - ok
10:19:40.0655 5464        Tcpip          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
10:19:40.0748 5464        Tcpip - ok
10:19:40.0795 5464        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
10:19:40.0857 5464        Tcpip6 - ok
10:19:40.0920 5464        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:19:41.0013 5464        tcpipreg - ok
10:19:41.0091 5464        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:19:41.0169 5464        TDPIPE - ok
10:19:41.0232 5464        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:19:41.0325 5464        TDTCP - ok
10:19:41.0435 5464        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:19:41.0513 5464        tdx - ok
10:19:41.0715 5464        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:19:41.0731 5464        TermDD - ok
10:19:41.0871 5464        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:19:41.0981 5464        tssecsrv - ok
10:19:42.0277 5464        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:19:42.0417 5464        tunmp - ok
10:19:42.0480 5464        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:19:42.0542 5464        tunnel - ok
10:19:42.0573 5464        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:19:42.0605 5464        uagp35 - ok
10:19:42.0667 5464        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:19:42.0745 5464        udfs - ok
10:19:42.0839 5464        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:19:42.0870 5464        uliagpkx - ok
10:19:42.0901 5464        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:19:42.0948 5464        uliahci - ok
10:19:42.0979 5464        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:19:42.0995 5464        UlSata - ok
10:19:43.0026 5464        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:19:43.0073 5464        ulsata2 - ok
10:19:43.0104 5464        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:19:43.0166 5464        umbus - ok
10:19:43.0322 5464        USBAAPL        (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
10:19:43.0416 5464        USBAAPL - ok
10:19:43.0478 5464        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:19:43.0572 5464        usbccgp - ok
10:19:43.0665 5464        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:19:43.0775 5464        usbcir - ok
10:19:43.0821 5464        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:19:43.0915 5464        usbehci - ok
10:19:43.0993 5464        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:19:44.0055 5464        usbhub - ok
10:19:44.0118 5464        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:19:44.0289 5464        usbohci - ok
10:19:44.0399 5464        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:19:44.0461 5464        usbprint - ok
10:19:44.0523 5464        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:19:44.0633 5464        usbscan - ok
10:19:44.0726 5464        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:19:44.0898 5464        USBSTOR - ok
10:19:44.0960 5464        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:19:45.0023 5464        usbuhci - ok
10:19:45.0085 5464        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
10:19:45.0147 5464        usbvideo - ok
10:19:45.0241 5464        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:19:45.0303 5464        vga - ok
10:19:45.0475 5464        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:19:45.0553 5464        VgaSave - ok
10:19:45.0834 5464        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:19:45.0865 5464        viaagp - ok
10:19:45.0943 5464        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:19:46.0037 5464        ViaC7 - ok
10:19:46.0068 5464        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:19:46.0099 5464        viaide - ok
10:19:46.0130 5464        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:19:46.0146 5464        volmgr - ok
10:19:46.0224 5464        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:19:46.0271 5464        volmgrx - ok
10:19:46.0380 5464        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:19:46.0489 5464        volsnap - ok
10:19:46.0536 5464        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:19:46.0567 5464        vsmraid - ok
10:19:46.0707 5464        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:19:46.0801 5464        WacomPen - ok
10:19:46.0926 5464        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:19:47.0004 5464        Wanarp - ok
10:19:47.0019 5464        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:19:47.0113 5464        Wanarpv6 - ok
10:19:47.0269 5464        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:19:47.0316 5464        Wd - ok
10:19:47.0363 5464        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:19:47.0441 5464        Wdf01000 - ok
10:19:47.0581 5464        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:19:47.0675 5464        WmiAcpi - ok
10:19:47.0768 5464        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:19:47.0831 5464        WpdUsb - ok
10:19:47.0877 5464        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:19:47.0955 5464        ws2ifsl - ok
10:19:48.0002 5464        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:19:48.0143 5464        WUDFRd - ok
10:19:48.0205 5464        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:19:48.0283 5464        \Device\Harddisk0\DR0 - ok
10:19:48.0314 5464        Boot (0x1200)  (1b8297c60970d8ef2eb784fda74ab34c) \Device\Harddisk0\DR0\Partition0
10:19:48.0314 5464        \Device\Harddisk0\DR0\Partition0 - ok
10:19:48.0314 5464        Boot (0x1200)  (0f66965ce083ce3a9d3720cf0ca37bfe) \Device\Harddisk0\DR0\Partition1
10:19:48.0330 5464        \Device\Harddisk0\DR0\Partition1 - ok
10:19:48.0330 5464        ============================================================
10:19:48.0330 5464        Scan finished
10:19:48.0330 5464        ============================================================
10:19:48.0345 5288        Detected object count: 1
10:19:48.0345 5288        Actual detected object count: 1
10:50:39.0098 5288        C:\Windows\system32\drivers\Hotkey.sys - copied to quarantine
10:50:39.0114 5288        Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Quarantine


cosinus 30.09.2011 10:32

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

jk_hamburg 30.09.2011 15:15

So, here is the result of the combofix scan:

Combofix Logfile:
Code:

ComboFix 11-09-30.02 - Anika 30.09.2011  13:02:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1746 [GMT 2:00]
ausgeführt von:: c:\users\Anika\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-28 bis 2011-09-30  ))))))))))))))))))))))))))))))
.
.
2011-09-30 11:15 . 2011-09-30 11:16        --------        d-----w-        c:\users\Anika\AppData\Local\temp
2011-09-30 11:15 . 2011-09-30 11:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-09-30 08:50 . 2011-09-30 08:50        --------        d-----w-        C:\TDSSKiller_Quarantine
2011-09-29 20:18 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2011-09-29 20:18 . 2011-09-29 20:18        --------        d-----w-        C:\_OTL
2011-09-29 15:14 . 2011-09-29 15:14        --------        d-----w-        c:\program files\ESET
2011-09-29 14:12 . 2011-09-29 14:12        --------        d-----w-        C:\$AVG
2011-09-29 13:05 . 2011-09-29 13:05        --------        d-----w-        c:\program files\MALWAREBYTES ANTI-MALWARE
2011-09-29 13:03 . 2011-05-02 17:19        766464        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-09-29 13:03 . 2011-06-17 16:03        375808        ----a-w-        c:\windows\system32\winsrv.dll
2011-09-29 13:03 . 2011-04-14 14:59        75264        ----a-w-        c:\windows\system32\drivers\dfsc.sys
2011-09-29 13:02 . 2011-08-10 12:14        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-09-29 13:02 . 2011-07-06 15:31        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-09-29 13:02 . 2011-04-29 13:24        79872        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-09-29 13:02 . 2011-04-29 13:24        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-09-29 13:02 . 2011-07-11 13:25        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-09-29 13:02 . 2011-09-29 13:02        --------        d-----w-        c:\users\Anika\AppData\Roaming\AVG2012
2011-09-29 12:59 . 2011-09-30 08:17        --------        d-----w-        c:\windows\system32\drivers\AVG
2011-09-29 12:59 . 2011-09-29 13:15        --------        d-----w-        c:\programdata\AVG2012
2011-09-29 12:58 . 2011-09-29 12:58        --------        d-----w-        c:\program files\AVG
2011-09-29 12:53 . 2011-05-02 17:16        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-09-29 12:53 . 2011-06-20 08:54        3602832        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-09-29 12:53 . 2011-06-20 08:54        3550096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-09-29 12:53 . 2011-04-20 15:50        49152        ----a-w-        c:\windows\system32\csrsrv.dll
2011-09-29 12:53 . 2011-09-29 12:53        --------        d--h--w-        c:\programdata\Common Files
2011-09-29 12:53 . 2010-12-20 16:35        563712        ----a-w-        c:\windows\system32\oleaut32.dll
2011-09-29 12:53 . 2011-09-29 12:53        --------        d-----w-        c:\users\Anika\AppData\Roaming\Malwarebytes
2011-09-29 12:53 . 2011-09-29 12:53        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-29 12:53 . 2011-09-29 12:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-09-29 12:53 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-29 12:51 . 2011-09-30 08:17        --------        d-----w-        c:\programdata\MFAData
2011-09-27 06:34 . 2011-09-27 06:34        --------        d-----w-        C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 04:08 . 2011-08-08 04:08        40016        ----a-w-        c:\windows\system32\drivers\avgmfx86.sys
2011-07-10 23:14 . 2011-07-10 23:14        295248        ----a-w-        c:\windows\system32\drivers\avgtdix.sys
2011-07-10 23:14 . 2011-07-10 23:14        24272        ----a-w-        c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-10 23:14 . 2011-07-10 23:14        16720        ----a-w-        c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-10 23:14 . 2011-07-10 23:14        23120        ----a-w-        c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-10 23:13 . 2011-07-10 23:13        134736        ----a-w-        c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-10 23:13 . 2011-07-10 23:13        229840        ----a-w-        c:\windows\system32\drivers\avgldx86.sys
2011-07-10 23:13 . 2011-07-10 23:13        32464        ----a-w-        c:\windows\system32\drivers\avgrkx86.sys
2008-05-29 20:47 . 2008-05-29 20:47        4376576        ----a-w-        c:\program files\openofficeorg24.msi
2002-03-11 09:06 . 2002-03-11 09:06        1822520        ----a-w-        c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45        1708856        ----a-w-        c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-22 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-07 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ           autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-07-10 32464]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-10 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-01 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-10 16720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 21:19]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 21:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG2012\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-30 13:15
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-30  16:12:03
ComboFix-quarantined-files.txt  2011-09-30 14:11
.
Vor Suchlauf: 10 Verzeichnis(se), 196.451.442.688 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 199.272.333.312 Bytes frei
.
- - End Of File - - 3A838A8ABECB0E008F30E4E51CCA7E58


--- --- ---


cosinus 30.09.2011 17:35

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later) please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.


jk_hamburg 01.10.2011 15:21

OK, I hope I did everything right :) here are the log files.

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-01 12:00:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: p3iiwn4n.exe; Driver: C:\Users\Anika\AppData\Local\Temp\uwlorpoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xA31E7F3C]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xA31E7FE4]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xA31E8080]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xA31E811C]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 3F1                                                                                              822EEB74 4 Bytes  [3C, 7F, 1E, A3]
.text          ntkrnlpa.exe!KeSetEvent + 621                                                                                              822EEDA4 8 Bytes  [E4, 7F, 1E, A3, 80, 80, 1E, ...] {IN AL, 0x7f; PUSH DS; MOV [0xa31e8080], EAX}
.text          ntkrnlpa.exe!KeSetEvent + 681                                                                                              822EEE04 4 Bytes  [1C, 81, 1E, A3]
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                    section is writeable [0x8E006340, 0x3ECA97, 0xE8000020]
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !
?              C:\Users\Anika\AppData\Local\Temp\catchme.sys                                                                              Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                      [73B97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                        [73BEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                    [73B9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                              [73B8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                        [73B975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                    [73B8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                        [73BC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                            [73B9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                                    [73B8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                    [73B8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                      [73B871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                              [73C1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                                [73BBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                    [73B8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                              [73B86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                            [73B8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                [73B92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                    avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@Google Desktop Search                                                    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@toolbar_eula_launcher                                                    C:\Program Files\GoogleEULA\EULALauncher.exe
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@AVG_TRAY                                                                "C:\Program Files\AVG\AVG2012\avgtray.exe"
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime                                  2011-10-01 05:11:00
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime                    2011-09-30 08:29:24
Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@{!s!\30!r!{!`!t!c!i!\24!t!j!s!y!s!\24!                  19583823

---- EOF - GMER 1.0.15 ----

--- --- ---


OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:12:15 on 01.10.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.19

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\Users\Anika\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"uwlorpoc" (uwlorpoc) - ? - C:\Users\Anika\AppData\Local\Temp\uwlorpoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgse.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-01 12:12:50
-----------------------------
12:12:50.251    OS Version: Windows 6.0.6002 Service Pack 2
12:12:50.251    Number of processors: 2 586 0xF0D
12:12:50.251    ComputerName: ANIKA-PC  UserName: Anika
12:12:52.919    Initialize success
12:14:31.893    AVAST engine defs: 11100100
12:14:48.913    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:14:48.913    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:14:49.521    Disk 0 MBR read successfully
12:14:49.521    Disk 0 MBR scan
12:14:49.521    Disk 0 Windows VISTA default MBR code
12:14:49.677    Disk 0 scanning sectors +625137345
12:14:50.442    Disk 0 scanning C:\Windows\system32\drivers
12:16:51.248    Service scanning
12:16:52.683    Modules scanning
12:18:48.155    Disk 0 trace - called modules:
12:18:48.248    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:18:48.264    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8683eac8]
12:18:48.264    3 CLASSPNP.SYS[8a9a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85530028]
12:18:50.183    AVAST engine scan C:\Windows
12:22:02.967    AVAST engine scan C:\Windows\system32
12:34:40.020    AVAST engine scan C:\Windows\system32\drivers
12:40:47.540    AVAST engine scan C:\Users\Anika
13:54:48.813    AVAST engine scan C:\ProgramData
14:07:29.189    Scan finished successfully
16:19:46.902    Disk 0 MBR has been saved successfully to "C:\Users\Anika\Desktop\MBR.dat"
16:19:46.918    The log file has been saved successfully to "C:\Users\Anika\Desktop\aswMBR.txt"


cosinus 01.10.2011 21:39

Edit: OK, I've removed the nesting.

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Getting an additional opinion from ESET's online scanner afterwards isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstalling: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


jk_hamburg 03.10.2011 14:44

So, here are the logs:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7844

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.10.2011 16:27:51
mbam-log-2011-10-02 (16-27-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 338039
Laufzeit: 3 Stunde(n), 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/02/2011 at 05:14 PM

Application Version : 5.0.1128

Core Rules Database Version : 7746
Trace Rules Database Version: 5558

Scan type      : Complete Scan
Total Scan Time : 04:07:12

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 656
Memory threats detected  : 0
Registry items scanned    : 38984
Registry threats detected : 0
File items scanned        : 202664
File threats detected    : 300

Adware.Tracking Cookie
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@ad2.adfarm1.adition[1].txt [ /ad2.adfarm1.adition ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@adcentriconline[1].txt [ /adcentriconline ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@adfarm1.adition[2].txt [ /adfarm1.adition ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@ads.pointroll[2].txt [ /ads.pointroll ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@adtech[1].txt [ /adtech ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@advertising[2].txt [ /advertising ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@atdmt[1].txt [ /atdmt ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@bluestreak[1].txt [ /bluestreak ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@bs.serving-sys[2].txt [ /bs.serving-sys ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@doubleclick[2].txt [ /doubleclick ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@fastclick[1].txt [ /fastclick ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@mediaplex[1].txt [ /mediaplex ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@msnaccountservices.112.2o7[1].txt [ /msnaccountservices.112.2o7 ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@revsci[2].txt [ /revsci ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@serving-sys[2].txt [ /serving-sys ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@smartadserver[2].txt [ /smartadserver ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@tracking.quisma[1].txt [ /tracking.quisma ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@tradedoubler[2].txt [ /tradedoubler ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@vdwp.solution.weborama[2].txt [ /vdwp.solution.weborama ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@weborama[1].txt [ /weborama ]
        C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Cookies\anika@zanox[1].txt [ /zanox ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@www.etracker[2].txt [ Cookie:anika@www.etracker.de/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@msnportal.112.2o7[1].txt [ Cookie:anika@msnportal.112.2o7.net/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@serving-sys[1].txt [ Cookie:anika@serving-sys.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@msnaccountservices.112.2o7[1].txt [ Cookie:anika@msnaccountservices.112.2o7.net/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@bs.serving-sys[2].txt [ Cookie:anika@bs.serving-sys.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@atdmt[2].txt [ Cookie:anika@atdmt.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@bluestreak[1].txt [ Cookie:anika@bluestreak.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@webmasterplan[1].txt [ Cookie:anika@webmasterplan.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@adfarm1.adition[1].txt [ Cookie:anika@adfarm1.adition.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@tradedoubler[2].txt [ Cookie:anika@tradedoubler.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@ww251.smartadserver[1].txt [ Cookie:anika@ww251.smartadserver.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@zanox-affiliate[2].txt [ Cookie:anika@zanox-affiliate.de/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@www.zanox-affiliate[1].txt [ Cookie:anika@www.zanox-affiliate.de/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@admanager.trackset[1].txt [ Cookie:anika@admanager.trackset.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@statse.webtrendslive[2].txt [ Cookie:anika@statse.webtrendslive.com/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@adsrv.admediate[1].txt [ Cookie:anika@adsrv.admediate.net/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@de.sitestat[1].txt [ Cookie:anika@de.sitestat.com/idgcom-de/pcwelt/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@2o7[1].txt [ Cookie:anika@2o7.net/ ]
        C:\USERS\ANIKA\AppData\Roaming\Microsoft\Windows\Cookies\Low\anika@atdmt.combing[1].txt [ Cookie:anika@atdmt.combing.com/ ]
        C:\USERS\ANIKA\Cookies\anika@weborama[1].txt [ Cookie:anika@weborama.fr/ ]
        C:\USERS\ANIKA\Cookies\anika@ad.yieldmanager[2].txt [ Cookie:anika@ad.yieldmanager.com/ ]
        C:\USERS\ANIKA\Cookies\anika@adcentriconline[1].txt [ Cookie:anika@adcentriconline.com/ ]
        C:\USERS\ANIKA\Cookies\anika@serving-sys[2].txt [ Cookie:anika@serving-sys.com/ ]
        C:\USERS\ANIKA\Cookies\anika@msnaccountservices.112.2o7[1].txt [ Cookie:anika@msnaccountservices.112.2o7.net/ ]
        C:\USERS\ANIKA\Cookies\anika@atdmt[1].txt [ Cookie:anika@atdmt.com/ ]
        C:\USERS\ANIKA\Cookies\anika@bs.serving-sys[2].txt [ Cookie:anika@bs.serving-sys.com/ ]
        C:\USERS\ANIKA\Cookies\anika@bluestreak[1].txt [ Cookie:anika@bluestreak.com/ ]
        C:\USERS\ANIKA\Cookies\anika@adfarm1.adition[2].txt [ Cookie:anika@adfarm1.adition.com/ ]
        C:\USERS\ANIKA\Cookies\anika@vdwp.solution.weborama[2].txt [ Cookie:anika@vdwp.solution.weborama.fr/ ]
        C:\USERS\ANIKA\Cookies\anika@tradedoubler[2].txt [ Cookie:anika@tradedoubler.com/ ]
        C:\USERS\ANIKA\Cookies\anika@revsci[2].txt [ Cookie:anika@revsci.net/ ]
        C:\USERS\ANIKA\Cookies\anika@tracking.quisma[1].txt [ Cookie:anika@tracking.quisma.com/ ]
        C:\USERS\ANIKA\Cookies\anika@fastclick[1].txt [ Cookie:anika@fastclick.net/ ]
        C:\USERS\ANIKA\Cookies\anika@ads.pointroll[2].txt [ Cookie:anika@ads.pointroll.com/ ]
        .atdmt.com [ C:\USERS\ANIKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\ANIKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\ANIKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\ANIKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\ANIKA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        apps.interpolls.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        cdn1.eyewonder.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        cloud.video.unrulymedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        hottraffic.nl [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        hs.interpolls.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        hzmedia.heyzap.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        imagesrv.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        m1.emea.2mdn.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        macromedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        media.mtvnservices.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        media.scanscout.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        media1.break.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        msntest.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        secure-us.imrworldwide.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        spe.atdmt.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        static.plymedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        track.webgains.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\LPD3NJAY ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@ROTATOR.ADJUGGLER[2].TXT [ /ROTATOR.ADJUGGLER ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@APMEBF[1].TXT [ /APMEBF ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@ACCOUNT.LIVE[2].TXT [ /ACCOUNT.LIVE ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@ADVERTISING[1].TXT [ /ADVERTISING ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@ADS.HEIAS[1].TXT [ /ADS.HEIAS ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@ADTECH[1].TXT [ /ADTECH ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
        C:\USERS\ANIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ANIKA@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        .de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .msnportal.112.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .hamburgerabendblatt.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .allesklarcomag.112.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .adopt.euroclick.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .arcor.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .rambler.ru [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]

Trojan.Downloader-Gen/A
        C:\PROGRAM FILES\DEGENER\VORTEST 7\MEDIA\A.EXE


Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-29 06:17:19
# local_time=2011-09-29 08:17:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8291 8291 0 0
# compatibility_mode=5892 16776638 100 100 13479850 154842122 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=170824
# found=2
# cleaned=0
# scan_time=10845
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
C:\_OTL\MovedFiles\09292011_161836\C_Users\Anika\AppData\Local\Temp\0.6105569158567732.exe        a variant of Win32/Injector.GAW trojan (unable to clean)        00000000000000000000000000000000        I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-02 03:31:07
# local_time=2011-10-02 05:31:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 252462 252462 0 0
# compatibility_mode=5892 16776638 100 100 13724021 155086293 0 0
# compatibility_mode=8192 67108863 100 0 244302 244302 0 0
# scanned=167447
# found=1
# cleaned=0
# scan_time=15902
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 04.10.2011 15:59

Only cookies and obvious false positives.
Quote:

C:\PROGRAM FILES\DEGENER\VORTEST 7\MEDIA\A.EXE
Do you recognize this?

