Trojaner-Board

Trojan generic.26? Many alerts, clueless laptop owner (https://www.trojaner-board.de/111447-trojaner-generic-26-viele-meldungen-ahnungslose-laptop-besitzerin.html)

cosinus 25.03.2012 14:29

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Sabrina155 27.03.2012 14:07

Code:

OTL logfile created on: 27.03.2012 11:26:24 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Sabrina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,21% Memory free
6,21 Gb Paging File | 4,96 Gb Available in Paging File | 79,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 25,72 Gb Free Space | 22,12% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 102,30 Gb Free Space | 88,86% Space Free | Partition Type: NTFS
 
Computer Name: BINAS-PC | User Name: Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.25 21:08:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
PRC - [2012.02.25 16:29:48 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.06 18:21:24 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2011.12.06 18:21:08 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2011.11.22 18:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011.11.18 17:36:42 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
PRC - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.25 16:29:48 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.03.26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL
MOD - [2009.02.06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL
MOD - [2008.04.07 21:59:30 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.06 18:21:24 | 000,160,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.12.06 18:21:08 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.11.18 17:36:42 | 000,150,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2011.10.18 17:59:54 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011.01.27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009.11.21 14:55:58 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009.11.14 13:37:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.24 10:21:56 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008.04.17 00:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.17 17:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.12.03 18:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.10.30 01:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Sabrina\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.10.15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011.10.15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.10.15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011.10.15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.15 13:16:16 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010.04.19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.10.15 18:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009.09.16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009.09.16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009.05.25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009.05.25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009.05.25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009.05.25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009.05.25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009.05.25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009.05.25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2009.04.20 10:41:38 | 000,804,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
DRV - [2008.07.18 19:52:16 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008.04.18 01:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.15 10:05:08 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.04.08 02:24:20 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.02.15 18:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.11.09 15:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.08.31 18:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 14:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.01.19 11:14:38 | 000,211,712 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Labtec WebCam(PID_0928)
DRV - [2005.01.19 11:11:16 | 000,022,016 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\SearchScopes,DefaultScope = {F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}
IE - HKLM\..\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={397F087D-DA3D-4442-8FE4-941CDB0E6F2F}&mid=31ebcf19351f430d8ff84e06781f1110-22c19b33995470c8b6c3d849a9229e006eb3ab9d&lang=de&ds=AVG&pr=fr&d=2012-03-04 13:36:16&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{C9F333E8-D232-41B5-B695-484B45E14879}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bddfa1ce5-90b8-49ea-9cbe-e4bf53c16c39%7D&mid=31ebcf19351f430d8ff84e06781f1110-22c19b33995470c8b6c3d849a9229e006eb3ab9d&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-03-04%2013%3A36%3A16&sap=ku&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sabrina\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.23 08:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.23 08:54:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.03.27 11:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.03.22 19:48:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.25 16:29:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 22:05:14 | 000,000,000 | ---D | M]
 
[2010.08.10 17:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Extensions
[2012.02.08 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\382g54k6.default\extensions
[2010.08.11 22:30:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\382g54k6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.27 21:23:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\382g54k6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.10 17:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions
[2010.08.09 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.09 18:53:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2010.08.09 20:29:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.08.09 18:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.08.09 20:29:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Profiles\vg0focgc.Standard-Benutzer\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.11 17:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.12.11 17:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.12.11 17:24:34 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.03.27 11:24:44 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.03.22 19:48:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.02.25 16:29:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.25 16:29:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.04 14:36:12 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.25 16:29:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.25 16:29:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.25 16:29:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.25 16:29:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.25 16:29:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: DivX HiQ = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2012.03.22 19:28:10 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120322184642.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] E File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] E" File not found
O4 - HKLM..\Run: [CanonMyPrinter] E /LOGON File not found
O4 - HKLM..\Run: [CanonSolutionMenu] E /LOGON File not found
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] E" /CHECKNOW File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Module Loader] E -STARTUPRUN File not found
O4 - HKLM..\Run: [QuickTime Task] E" -ATBOOTTIME File not found
O4 - HKLM..\Run: [ROC_roc_dec12] E" /PROMPT /CMPID=ROC_DEC12 File not found
O4 - HKLM..\Run: [RtHDVCpl] E File not found
O4 - HKLM..\Run: [SmoothView] E File not found
O4 - HKLM..\Run: [StartCCC] E" File not found
O4 - HKLM..\Run: [SynTPEnh] E File not found
O4 - HKLM..\Run: [Toshiba Registration] E File not found
O4 - HKLM..\Run: [Toshiba TEMPO] E File not found
O4 - HKLM..\Run: [TPwrMain] E File not found
O4 - HKLM..\Run: [VolPanel] E" /R File not found
O4 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EAC42DB-58CB-4FE0-89B6-DE46D347F004}: DhcpNameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC64AF2-4D53-4CB6-A1AD-20DBBCFB3027}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CC64AF2-4D53-4CB6-A1AD-20DBBCFB3027}: NameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Labtec Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 21:08:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
[2012.03.24 09:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.23 22:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.23 22:15:27 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.23 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.22 19:54:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.22 19:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.03.22 19:46:41 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2012.03.22 19:46:23 | 000,338,176 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2012.03.22 19:46:23 | 000,180,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012.03.22 19:46:23 | 000,165,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2012.03.22 19:46:23 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012.03.22 19:46:23 | 000,064,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2012.03.22 19:46:23 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012.03.22 19:46:22 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2012.03.22 19:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2012.03.22 19:46:09 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012.03.22 19:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012.03.22 19:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.03.22 19:37:32 | 000,150,856 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012.03.22 19:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.22 19:32:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.22 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Local\temp
[2012.03.22 16:16:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.22 16:16:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.22 16:16:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.22 16:16:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.03.18 17:09:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.14 23:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.14 23:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.14 23:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.14 23:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.03.14 23:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.03.14 08:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.03.13 21:34:01 | 000,000,000 | -HSD | C] -- C:\Users\Sabrina\AppData\Local\a28aa113
[2012.03.04 14:53:22 | 000,000,000 | ---D | C] -- C:\Users\Sabrina\AppData\Roaming\AVG2012
[2012.03.04 14:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.27 11:19:29 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.27 11:19:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.27 11:19:29 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.27 11:19:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.26 21:30:47 | 000,058,368 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.25 21:08:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sabrina\Desktop\OTL.exe
[2012.03.24 17:52:36 | 000,000,680 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d9caps.dat
[2012.03.24 17:52:34 | 000,000,552 | ---- | M] () -- C:\Users\Sabrina\AppData\Local\d3d8caps.dat
[2012.03.23 22:15:43 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 20:13:29 | 000,000,411 | ---- | M] () -- C:\Users\Sabrina\Desktop\Sammelordner - Verknüpfung.lnk
[2012.03.22 19:48:41 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012.03.22 19:28:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.03.14 23:16:45 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.14 11:20:36 | 000,000,000 | ---- | M] () -- C:\Users\Sabrina\defogger_reenable
[2012.03.11 20:19:16 | 000,000,000 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\TS3Patch.lck
[2012.03.01 15:26:53 | 000,000,680 | RHS- | M] () -- C:\Users\Sabrina\ntuser.pol
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.24 17:52:34 | 000,000,552 | ---- | C] () -- C:\Users\Sabrina\AppData\Local\d3d8caps.dat
[2012.03.23 22:15:43 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.22 20:13:31 | 000,000,411 | ---- | C] () -- C:\Users\Sabrina\Desktop\Sammelordner - Verknüpfung.lnk
[2012.03.22 19:48:41 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2012.03.22 16:16:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.22 16:16:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.22 16:16:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.22 16:16:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.22 16:16:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.14 23:16:45 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.03.14 11:20:36 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\defogger_reenable
[2012.03.11 20:19:16 | 000,000,000 | ---- | C] () -- C:\Users\Sabrina\AppData\Roaming\TS3Patch.lck
[2012.03.01 15:26:02 | 000,000,680 | RHS- | C] () -- C:\Users\Sabrina\ntuser.pol
[2011.04.17 16:05:29 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.08.27 16:06:22 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
 
========== LOP Check ==========
 
[2012.03.01 15:28:18 | 000,000,000 | ---D | M] -- C:\Users\Jack Frank\AppData\Roaming\AVG10
[2012.03.04 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Jack Frank\AppData\Roaming\AVG2012
[2010.02.14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Amazon
[2009.09.12 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Audacity
[2010.11.13 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG10
[2012.03.04 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG2012
[2010.07.03 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Canon
[2011.12.27 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoft
[2011.12.27 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.27 15:03:46 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Foxit Software
[2011.04.17 16:05:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\FreeAudioPack
[2011.01.23 18:56:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\gtk-2.0
[2009.02.24 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Inkscape
[2012.03.04 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\IrfanView
[2009.08.10 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\MAGIX
[2010.08.27 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice.org
[2009.06.13 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Opera
[2012.02.12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Origin
[2011.01.13 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\PhotoScape
[2011.02.12 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Software4u
[2010.01.18 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony
[2010.01.18 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Setup
[2010.11.28 00:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\SYBEX.eurofahrschule2010.9151FF1C04D985321FBE252CD7DD9485437B0213.1
[2009.08.08 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Teleca
[2011.04.06 22:09:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template
[2009.02.23 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Toshiba
[2012.03.26 23:00:30 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.24 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Adobe
[2010.02.14 18:52:23 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Amazon
[2012.03.14 23:19:57 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Apple Computer
[2009.01.31 18:23:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\ATI
[2009.09.12 21:24:39 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Audacity
[2010.11.13 13:29:54 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG10
[2012.03.04 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVG2012
[2009.05.10 22:12:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\AVS4YOU
[2010.07.03 13:19:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Canon
[2009.11.14 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Creative
[2011.01.16 18:11:37 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DivX
[2011.12.27 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoft
[2011.12.27 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.27 15:03:46 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Foxit Software
[2011.04.17 16:05:33 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\FreeAudioPack
[2009.01.31 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Google
[2011.01.23 18:56:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\gtk-2.0
[2009.01.31 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Identities
[2009.02.24 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Inkscape
[2012.03.04 13:45:20 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\IrfanView
[2009.01.31 19:06:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Macromedia
[2009.08.10 13:01:27 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\MAGIX
[2010.08.08 21:00:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Media Center Programs
[2010.11.13 13:21:31 | 000,000,000 | --SD | M] -- C:\Users\Sabrina\AppData\Roaming\Microsoft
[2010.08.10 17:48:42 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Mozilla
[2010.08.27 15:15:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\OpenOffice.org
[2009.06.13 09:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Opera
[2012.02.12 13:31:48 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Origin
[2011.01.13 22:31:53 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\PhotoScape
[2009.03.27 01:31:19 | 000,000,000 | RH-D | M] -- C:\Users\Sabrina\AppData\Roaming\SecuROM
[2010.09.29 22:13:21 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Skype
[2010.09.29 21:06:06 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\skypePM
[2011.02.12 17:23:09 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Software4u
[2010.01.18 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony
[2009.02.01 23:00:40 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Ericsson
[2010.01.18 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Sony Setup
[2010.11.28 00:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\SYBEX.eurofahrschule2010.9151FF1C04D985321FBE252CD7DD9485437B0213.1
[2009.08.08 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Teleca
[2011.04.06 22:09:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Template
[2009.02.23 12:25:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\Toshiba
[2009.02.06 14:51:04 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.06.08 08:58:08 | 000,010,134 | R--- | M] () -- C:\Users\Sabrina\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2010.08.27 15:17:44 | 000,583,168 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\EF1.tmp_\sun-pdfimport.oxt\xpdfimport.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 05:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 05:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Druckumgebung] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Eigene Dateien] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Lokale Einstellungen] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Netzwerkumgebung] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Recent] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\SendTo] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Startmenü] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Vorlagen] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >


Sabrina155 27.03.2012 14:17

Code:

OTL Extras logfile created on: 27.03.2012 11:26:24 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Sabrina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,21% Memory free
6,21 Gb Paging File | 4,96 Gb Available in Paging File | 79,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,29 Gb Total Space | 25,72 Gb Free Space | 22,12% Space Free | Partition Type: NTFS
Drive E: | 115,13 Gb Total Space | 102,30 Gb Free Space | 88,86% Space Free | Partition Type: NTFS
 
Computer Name: BINAS-PC | User Name: Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
 
[HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{104237F3-AB93-48E3-A092-18B38ED2786F}" = rport=445 | protocol=6 | dir=out | app=system |
"{1054B5DD-6A6C-476A-A793-A265EECBBC76}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{151FB4E8-8340-4177-9A19-F8FF50C35343}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{160470B3-AD48-4602-A32A-69DCC030EBF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{268A2E09-94B0-4A7B-8014-1A4598CBCF21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{309E3ECA-E5B9-4A6D-8D26-00BCCD21B8AE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{312A5115-1596-4B2D-9DDF-7E6B4F4D45DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{547F48FD-DFF8-4390-A775-5A8061001C20}" = lport=137 | protocol=17 | dir=in | app=system |
"{557C8C15-C900-4F67-990D-CBCD0F5D1B4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56B1E6B2-8558-44BC-A07B-CEFB061E1827}" = lport=138 | protocol=17 | dir=in | app=system |
"{596CD246-E267-402D-B4B6-25D84B0E5210}" = rport=138 | protocol=17 | dir=out | app=system |
"{65F0C2DE-0B91-40D9-89C4-0C030F1E3185}" = rport=137 | protocol=17 | dir=out | app=system |
"{6A35D989-E976-474F-AED7-B2C3CCB3B8F7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8032A516-D65A-4B51-A8D5-1788CFEDFDFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{8051F23C-0736-4961-8DD0-8DAD4261A0F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83BA94AF-AB65-4188-A477-2CA85BDEE69F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{85343040-8DA4-4A74-BAFC-6C158BB30737}" = lport=2869 | protocol=6 | dir=in | app=system |
"{900101FA-303F-40AB-B9BB-633B19FFA14B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CA19EB8-80C1-4349-B49C-8CD06405D0F7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A828756C-0440-41BC-89C6-98E15A40150F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AE803DC1-BC82-4B06-B973-637B1C962CA5}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C9F60E2C-E098-4317-9BB6-F94A231C4346}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB1EE25A-D1BE-4312-AB33-E310A35FE7E4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D9319571-D976-46E6-BCA0-908E5381D291}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5757597-8B12-44EC-BCDF-1D17F9172AAC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEB8551D-B992-4F98-8438-7F5C423C1D08}" = rport=2869 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07A8226D-BEE2-45F5-8759-7D6D384D0EDA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{082F1D9F-D47F-4408-85DC-F48B77BFBD42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1E80D845-AFDE-4539-8678-D57F37DC4F32}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{22C551C9-0534-4CF7-9EDD-FBC2653317EE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{28036563-9E4B-42CD-9F45-FA9AEB193C42}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{361C130B-79A7-4F44-8E39-557BC3A702A4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{3C1A0C5A-3AE6-49A7-8FBA-1D2E6A33C5BA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{49A14D9F-DF9A-4AF2-92CC-437C8FF47A64}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4F7F4E65-EA91-4972-B207-1F8B90153A03}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{56C32CD8-7112-471E-B3E3-7916213A9E4C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5821748C-6D39-4F3F-9F6A-066DDB9D0B25}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7818C439-5DDA-4BB0-A7B9-0361E7404AD7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7B818882-2E1D-4105-BFBE-7D73AE772966}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{7FAEEE3E-8DE8-479F-9CFE-40ED84FF83F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{820ED8FC-672D-4D0D-8055-5C9591E5124B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{895EFCA9-D51B-4EDA-BDB8-F2B921382F12}" = protocol=17 | dir=in | app=e:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{8D169EA1-F28A-40A1-A5F1-CB1D379C528C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{984A9F69-82BE-429F-BD4C-8AEC610F9A1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{986E81AB-DF7F-41C4-B6CE-11E3AEB81F99}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"{99BE8696-F6C5-43E7-B489-6A4DB6955508}" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
"{A2AEE2F9-1667-4993-88DD-9A9EE3D347D8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A96637E8-6BB8-4DDA-93E5-F6C35F31F2F7}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
"{B0956CBF-E0C3-4E20-893C-0CC6C3FADC80}" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
"{B1DE394E-71B2-422E-8900-B476E6E852AD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B8252693-537B-49ED-B71A-B6111A24E408}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C459C01B-32BA-44E8-8664-B823D40BC49B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CA45FEAB-1369-45C8-8DCA-CBE8FAB28AFD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3139214-EF98-43FE-A4FD-3D39A5287F8B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E32CCD98-55BD-45AD-83AE-38B20D7782DE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E4B38D3E-66B1-459E-B22F-E70E113AA915}" = protocol=6 | dir=in | app=e:\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{FA2B80B2-367B-4303-9448-9A64C633485A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FBE7DBA6-E674-42A2-A3AE-CEB9C2ADED85}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FD572625-2BC6-4234-8D30-5AC14D6F2BF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{20112835-0FA1-46A0-BC83-607512491A77}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2BFE1F7C-DA55-4B69-82DE-5AC1F60AE493}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{37BE4E25-39AF-46CF-83CC-199C9BB08B8F}E:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{A65A0C52-9700-4A12-AC59-DDE4F19E7B8C}E:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{AEEF400B-55D4-47BD-AE6F-0A7CF8B900D6}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{D6653F3B-FC03-47F0-B7B3-1744617DC722}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{068AB5B3-921F-450F-A5DB-08284A908708}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7720361D-51C8-438C-B1B4-97FBD7ABEF60}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{7D4AE556-3F93-40A5-AA89-3EE7292A42F9}E:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{7E96CADE-BC28-4DD7-9343-9DF660113E42}E:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{C133F016-2287-41C8-97C2-8287DA8B8D53}E:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{EB395364-0EEE-47B4-ABF1-D7EA9B1D09F4}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
"{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer
"{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
"{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
"{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
"{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
"{8018AD38-3EBB-A031-D4F8-EF6A5952F168}" = ATI Catalyst Install Manager
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
"{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
"{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
"{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
"{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
"{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
"{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSC" = McAfee Internet Security Suite
"NAVIGON Fresh" = NAVIGON Fresh 3.3.2
"Origin" = Origin
"Revo Uninstaller" = Revo Uninstaller 1.89
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative Systeminformationen
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2012 05:10:41 | Computer Name = Binas-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 27.03.2012 05:17:27 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3600 (0xe10)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Windows\System32\msfeeds.dll

 by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe  4(0)(0)  4(0)(0) 
7200(0)(0)  7595(0)(0)  7005(0)(0)  7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 27.03.2012 05:19:29 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3448 (0xd78)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Windows\System32\odbc32.dll

 by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe  4(0)(0)  4(0)(0) 
7200(0)(0)  7595(0)(0)  7005(0)(0)  7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 27.03.2012 05:19:36 | Computer Name = Binas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung McSvHost.exe, Version 2.0.230.0, Zeitstempel
 0x4d41ff35, fehlerhaftes Modul naiann.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4d545190, Ausnahmecode 0xc0000005, Fehleroffset 0x690f0296,  Prozess-ID 0x7d0,
Anwendungsstartzeit 01c84bf8b5837ff6.
 
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3152 (0xc50)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Windows\System32\inetcpl.cpl

 by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe  4(0)(0)  4(0)(0) 
7200(0)(0)  7595(0)(0)  7005(0)(0)  7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 3436 (0xd6c)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Windows\System32\inetcpl.cpl

 by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe  4(0)(0)  4(0)(0) 
7200(0)(0)  7595(0)(0)  7005(0)(0)  7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2352 (0x930)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Program Files\Common
 Files\Mcafee\McSvcHost\McSvHost.exe  by C:\Windows\system32\services.exe  4(0)(0)

 4(0)(0)  7200(0)(0)  7595(0)(0)  7005(0)(0)  7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 5380 (0x1504)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Windows\system32\schedsvc.dll

 by C:\Windows\System32\svchost.exe  4(0)(0)  4(0)(0)  7200(0)(0)  7595(0)(0)  7005(0)(0)

 7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 5468 (0x155c)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Windows\System32\taskeng.exe

 by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe  4(16)(0)  4(16)(0)

 7200(16)(0)  7595(16)(0)  7005(16)(0)  7004(16)(0)  5006(0)(0)  5004(0)(0) 
 
Error - 27.03.2012 05:24:13 | Computer Name = Binas-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 5568 (0x15c0)    Thread address : 0x77C45CD4    Thread message :      Build VSCORE.14.4.0.380
 / 5400.1158  Object being scanned = \Device\HarddiskVolume2\Windows\system32\de-DE\kernel32.dll.mui

 by C:\Windows\system32\wermgr.exe  4(0)(0)  4(0)(0)  7200(0)(0)  7595(0)(0)  7005(0)(0)

 7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
[ System Events ]
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 27.03.2012 05:19:50 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 27.03.2012 05:20:20 | Computer Name = Binas-PC | Source = DCOM | ID = 10010
Description =
 
Error - 27.03.2012 05:24:14 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 27.03.2012 05:24:14 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 27.03.2012 05:24:19 | Computer Name = Binas-PC | Source = Service Control Manager | ID = 7031
Description =
 
 
< End of report >

Sorry, I wasn't able to attach a zip file :stirn:

cosinus 27.03.2012 14:29

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={397F087D-DA3D-4442-8FE4-941CDB0E6F2F}&mid=31ebcf19351f430d8ff84e06781f1110-22c19b33995470c8b6c3d849a9229e006eb3ab9d&lang=de&ds=AVG&pr=fr&d=2012-03-04 13:36:16&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{C9F333E8-D232-41B5-B695-484B45E14879}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR - Extension: DivX HiQ = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKU\S-1-5-21-4238982150-1646019570-3159825535-1000\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] E File not found
O4 - HKLM..\Run: [ATICustomerCare] E" File not found
O4 - HKLM..\Run: [CanonMyPrinter] E /LOGON File not found
O4 - HKLM..\Run: [CanonSolutionMenu] E /LOGON File not found
O4 - HKLM..\Run: [DivXUpdate] E" /CHECKNOW File not found
O4 - HKLM..\Run: [Module Loader] E -STARTUPRUN File not found
O4 - HKLM..\Run: [QuickTime Task] E" -ATBOOTTIME File not found
O4 - HKLM..\Run: [ROC_roc_dec12] E" /PROMPT /CMPID=ROC_DEC12 File not found
O4 - HKLM..\Run: [RtHDVCpl] E File not found
O4 - HKLM..\Run: [SmoothView] E File not found
O4 - HKLM..\Run: [StartCCC] E" File not found
O4 - HKLM..\Run: [SynTPEnh] E File not found
O4 - HKLM..\Run: [Toshiba Registration] E File not found
O4 - HKLM..\Run: [Toshiba TEMPO] E File not found
O4 - HKLM..\Run: [TPwrMain] E File not found
O4 - HKLM..\Run: [VolPanel] E" /R File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten
C:\Users\Sabrina\AppData\Local\a28aa113
C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files
C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf
C:\Windows\System32\config\systemprofile\Cookies
C:\Windows\System32\config\systemprofile\Druckumgebung
C:\Windows\System32\config\systemprofile\Eigene Dateien
C:\Windows\System32\config\systemprofile\Lokale Einstellungen
C:\Windows\System32\config\systemprofile\Netzwerkumgebung
C:\Windows\System32\config\systemprofile\Recent
C:\Windows\System32\config\systemprofile\SendTo
C:\Windows\System32\config\systemprofile\Startmenü
C:\Windows\System32\config\systemprofile\Vorlagen
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Sabrina155 27.03.2012 16:32

Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C9F333E8-D232-41B5-B695-484B45E14879}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C9F333E8-D232-41B5-B695-484B45E14879}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
Registry key HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FBB9CB-6D2D-416C-A5F5-BF098C676B40}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\zh_TW folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\zh_CN folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\pt_BR folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\ja folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\fr folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\es folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\en folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales\de folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\_locales folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\images folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0 folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\zh_TW folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\zh_CN folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\pt_BR folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\ja folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\fr folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\es folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\en folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales\de folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\_locales folder moved successfully.
C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
File C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
File C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry value HKEY_USERS\S-1-5-21-4238982150-1646019570-3159825535-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\00TCrdMain deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ATICustomerCare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CanonMyPrinter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CanonSolutionMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Module Loader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RtHDVCpl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmoothView deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\StartCCC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SynTPEnh deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Toshiba Registration deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Toshiba TEMPO deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TPwrMain deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VolPanel deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver folder moved successfully.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten folder moved successfully.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten scheduled to be moved on reboot.
C:\Users\Sabrina\AppData\Local\a28aa113\U folder moved successfully.
C:\Users\Sabrina\AppData\Local\a28aa113 folder moved successfully.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Druckumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Eigene Dateien scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Lokale Einstellungen scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Netzwerkumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Recent scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\SendTo scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Startmenü scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Vorlagen scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jack Frank
->Temp folder emptied: 499380 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 146199973 bytes
->Flash cache emptied: 61223 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sabrina
->Temp folder emptied: 33738 bytes
->Temporary Internet Files folder emptied: 414510 bytes
->Java cache emptied: 36718 bytes
->FireFox cache emptied: 389722935 bytes
->Google Chrome cache emptied: 64980389 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 18882 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71368 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 574,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_162828

Files\Folders moved on Reboot...
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Microsoft not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\GBScreensaver not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google\CrashReports not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Google not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten not found!
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Cookies scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Druckumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Eigene Dateien scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Lokale Einstellungen scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Netzwerkumgebung scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Recent scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\SendTo scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Startmenü scheduled to be moved on reboot.
Folder move failed. C:\Windows\System32\config\systemprofile\Vorlagen scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 27.03.2012 19:26

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Sabrina155 27.03.2012 21:10

Code:

22:04:42.0850 5736        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
22:04:44.0855 5736        ============================================================
22:04:44.0855 5736        Current date / time: 2012/03/27 22:04:44.0855
22:04:44.0855 5736        SystemInfo:
22:04:44.0855 5736       
22:04:44.0855 5736        OS Version: 6.0.6002 ServicePack: 2.0
22:04:44.0855 5736        Product type: Workstation
22:04:44.0856 5736        ComputerName: BINAS-PC
22:04:44.0856 5736        UserName: Sabrina
22:04:44.0856 5736        Windows directory: C:\Windows
22:04:44.0856 5736        System windows directory: C:\Windows
22:04:44.0856 5736        Processor architecture: Intel x86
22:04:44.0856 5736        Number of processors: 2
22:04:44.0856 5736        Page size: 0x1000
22:04:44.0856 5736        Boot type: Normal boot
22:04:44.0856 5736        ============================================================
22:04:47.0388 5736        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:04:47.0463 5736        \Device\Harddisk0\DR0:
22:04:47.0496 5736        MBR used
22:04:47.0496 5736        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE893000
22:04:47.0496 5736        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
22:04:47.0922 5736        Initialize success
22:04:47.0922 5736        ============================================================
22:05:10.0523 6024        ============================================================
22:05:10.0523 6024        Scan started
22:05:10.0523 6024        Mode: Manual; SigCheck; TDLFS;
22:05:10.0523 6024        ============================================================
22:05:11.0044 6024        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:05:11.0294 6024        ACPI - ok
22:05:11.0446 6024        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:05:11.0512 6024        adp94xx - ok
22:05:11.0568 6024        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:05:11.0601 6024        adpahci - ok
22:05:11.0636 6024        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:05:11.0666 6024        adpu160m - ok
22:05:11.0693 6024        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:05:11.0724 6024        adpu320 - ok
22:05:11.0780 6024        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
22:05:11.0860 6024        AeLookupSvc - ok
22:05:11.0925 6024        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:05:11.0993 6024        AFD - ok
22:05:12.0080 6024        AgereSoftModem  (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
22:05:12.0290 6024        AgereSoftModem - ok
22:05:12.0347 6024        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:05:12.0375 6024        agp440 - ok
22:05:12.0396 6024        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:05:12.0425 6024        aic78xx - ok
22:05:12.0464 6024        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
22:05:12.0552 6024        ALG - ok
22:05:12.0584 6024        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:05:12.0610 6024        aliide - ok
22:05:12.0674 6024        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:05:12.0702 6024        amdagp - ok
22:05:12.0735 6024        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:05:12.0760 6024        amdide - ok
22:05:12.0787 6024        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:05:12.0856 6024        AmdK7 - ok
22:05:12.0880 6024        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:05:12.0948 6024        AmdK8 - ok
22:05:13.0014 6024        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
22:05:13.0063 6024        Appinfo - ok
22:05:13.0190 6024        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:05:13.0216 6024        Apple Mobile Device - ok
22:05:13.0340 6024        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:05:13.0367 6024        arc - ok
22:05:13.0425 6024        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:05:13.0451 6024        arcsas - ok
22:05:13.0496 6024        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:05:13.0551 6024        AsyncMac - ok
22:05:13.0589 6024        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:05:13.0616 6024        atapi - ok
22:05:13.0697 6024        athr            (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
22:05:13.0860 6024        athr - ok
22:05:13.0937 6024        Ati External Event Utility (54d715af597c06e87418c50f481bdd2c) C:\Windows\system32\Ati2evxx.exe
22:05:14.0086 6024        Ati External Event Utility - ok
22:05:14.0279 6024        atikmdag        (be4d8fdc6b2598c46b2b5e6e4fbaafc5) C:\Windows\system32\DRIVERS\atikmdag.sys
22:05:14.0448 6024        atikmdag - ok
22:05:14.0524 6024        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:05:14.0578 6024        AudioEndpointBuilder - ok
22:05:14.0602 6024        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
22:05:14.0654 6024        Audiosrv - ok
22:05:14.0736 6024        AVG Security Toolbar Service - ok
22:05:14.0832 6024        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:05:14.0902 6024        Beep - ok
22:05:14.0982 6024        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
22:05:15.0114 6024        BFE - ok
22:05:15.0189 6024        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
22:05:15.0271 6024        BITS - ok
22:05:15.0319 6024        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:05:15.0393 6024        blbdrive - ok
22:05:15.0479 6024        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:05:15.0513 6024        Bonjour Service - ok
22:05:15.0572 6024        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:05:15.0642 6024        bowser - ok
22:05:15.0706 6024        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:05:15.0759 6024        BrFiltLo - ok
22:05:15.0782 6024        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:05:15.0828 6024        BrFiltUp - ok
22:05:15.0871 6024        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
22:05:15.0927 6024        Browser - ok
22:05:15.0952 6024        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:05:16.0044 6024        Brserid - ok
22:05:16.0076 6024        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:05:16.0167 6024        BrSerWdm - ok
22:05:16.0198 6024        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:05:16.0298 6024        BrUsbMdm - ok
22:05:16.0324 6024        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:05:16.0416 6024        BrUsbSer - ok
22:05:16.0439 6024        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:05:16.0531 6024        BTHMODEM - ok
22:05:16.0635 6024        catchme - ok
22:05:16.0670 6024        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:05:16.0726 6024        cdfs - ok
22:05:16.0759 6024        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:05:16.0807 6024        cdrom - ok
22:05:16.0870 6024        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:05:16.0930 6024        CertPropSvc - ok
22:05:17.0019 6024        cfwids          (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
22:05:17.0095 6024        cfwids - ok
22:05:17.0135 6024        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:05:17.0196 6024        circlass - ok
22:05:17.0228 6024        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:05:17.0267 6024        CLFS - ok
22:05:17.0349 6024        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:05:17.0375 6024        clr_optimization_v2.0.50727_32 - ok
22:05:17.0429 6024        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:05:17.0473 6024        clr_optimization_v4.0.30319_32 - ok
22:05:17.0574 6024        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:05:17.0632 6024        CmBatt - ok
22:05:17.0655 6024        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:05:17.0679 6024        cmdide - ok
22:05:17.0701 6024        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:05:17.0726 6024        Compbatt - ok
22:05:17.0738 6024        COMSysApp - ok
22:05:17.0826 6024        ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
22:05:17.0849 6024        ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
22:05:17.0849 6024        ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
22:05:17.0878 6024        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:05:17.0903 6024        crcdisk - ok
22:05:17.0986 6024        Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
22:05:18.0003 6024        Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:05:18.0003 6024        Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:05:18.0047 6024        Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:05:18.0073 6024        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:05:18.0074 6024        Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:05:18.0138 6024        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:05:18.0209 6024        Crusoe - ok
22:05:18.0284 6024        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
22:05:18.0332 6024        CryptSvc - ok
22:05:18.0430 6024        CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
22:05:18.0447 6024        CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
22:05:18.0447 6024        CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
22:05:18.0524 6024        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:05:18.0594 6024        DcomLaunch - ok
22:05:18.0645 6024        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:05:18.0723 6024        DfsC - ok
22:05:18.0837 6024        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
22:05:19.0022 6024        DFSR - ok
22:05:19.0099 6024        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
22:05:19.0149 6024        Dhcp - ok
22:05:19.0207 6024        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:05:19.0235 6024        disk - ok
22:05:19.0285 6024        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
22:05:19.0333 6024        Dnscache - ok
22:05:19.0368 6024        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
22:05:19.0431 6024        dot3svc - ok
22:05:19.0493 6024        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
22:05:19.0551 6024        DPS - ok
22:05:19.0620 6024        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:05:19.0666 6024        drmkaud - ok
22:05:19.0729 6024        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:05:19.0791 6024        DXGKrnl - ok
22:05:19.0836 6024        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:05:19.0895 6024        E1G60 - ok
22:05:19.0940 6024        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
22:05:19.0987 6024        EapHost - ok
22:05:20.0058 6024        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:05:20.0090 6024        Ecache - ok
22:05:20.0147 6024        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
22:05:20.0186 6024        ehRecvr - ok
22:05:20.0198 6024        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
22:05:20.0257 6024        ehSched - ok
22:05:20.0263 6024        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
22:05:20.0300 6024        ehstart - ok
22:05:20.0374 6024        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:05:20.0416 6024        elxstor - ok
22:05:20.0495 6024        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
22:05:20.0584 6024        EMDMgmt - ok
22:05:20.0622 6024        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:05:20.0687 6024        ErrDev - ok
22:05:20.0755 6024        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
22:05:20.0807 6024        EventSystem - ok
22:05:20.0887 6024        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:05:20.0953 6024        exfat - ok
22:05:20.0987 6024        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:05:21.0047 6024        fastfat - ok
22:05:21.0122 6024        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:05:21.0177 6024        fdc - ok
22:05:21.0211 6024        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
22:05:21.0268 6024        fdPHost - ok
22:05:21.0284 6024        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
22:05:21.0378 6024        FDResPub - ok
22:05:21.0423 6024        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:05:21.0448 6024        FileInfo - ok
22:05:21.0473 6024        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:05:21.0543 6024        Filetrace - ok
22:05:21.0564 6024        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:05:21.0621 6024        flpydisk - ok
22:05:21.0664 6024        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:05:21.0696 6024        FltMgr - ok
22:05:21.0770 6024        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
22:05:21.0839 6024        FontCache - ok
22:05:21.0896 6024        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:05:21.0920 6024        FontCache3.0.0.0 - ok
22:05:21.0959 6024        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:05:22.0004 6024        Fs_Rec - ok
22:05:22.0063 6024        FwLnk          (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
22:05:22.0124 6024        FwLnk - ok
22:05:22.0145 6024        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:05:22.0171 6024        gagp30kx - ok
22:05:22.0229 6024        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:05:22.0251 6024        GEARAspiWDM - ok
22:05:22.0303 6024        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
22:05:22.0413 6024        gpsvc - ok
22:05:22.0446 6024        gupdate - ok
22:05:22.0474 6024        gupdatem - ok
22:05:22.0533 6024        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:05:22.0639 6024        HdAudAddService - ok
22:05:22.0692 6024        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:05:22.0776 6024        HDAudBus - ok
22:05:22.0802 6024        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:05:22.0893 6024        HidBth - ok
22:05:22.0914 6024        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:05:23.0012 6024        HidIr - ok
22:05:23.0046 6024        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
22:05:23.0095 6024        hidserv - ok
22:05:23.0124 6024        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:05:23.0169 6024        HidUsb - ok
22:05:23.0201 6024        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
22:05:23.0260 6024        hkmsvc - ok
22:05:23.0287 6024        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:05:23.0312 6024        HpCISSs - ok
22:05:23.0357 6024        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:05:23.0443 6024        HTTP - ok
22:05:23.0486 6024        hwdatacard - ok
22:05:23.0534 6024        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:05:23.0560 6024        i2omp - ok
22:05:23.0655 6024        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:05:23.0718 6024        i8042prt - ok
22:05:23.0759 6024        iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
22:05:23.0788 6024        iaStor - ok
22:05:23.0834 6024        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:05:23.0869 6024        iaStorV - ok
22:05:23.0970 6024        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:05:24.0100 6024        idsvc - ok
22:05:24.0129 6024        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:05:24.0156 6024        iirsp - ok
22:05:24.0219 6024        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
22:05:24.0277 6024        IKEEXT - ok
22:05:24.0400 6024        IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
22:05:24.0592 6024        IntcAzAudAddService - ok
22:05:24.0647 6024        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:05:24.0672 6024        intelide - ok
22:05:24.0722 6024        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:05:24.0786 6024        intelppm - ok
22:05:24.0829 6024        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
22:05:24.0898 6024        IPBusEnum - ok
22:05:24.0939 6024        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:05:25.0002 6024        IpFilterDriver - ok
22:05:25.0042 6024        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
22:05:25.0093 6024        iphlpsvc - ok
22:05:25.0113 6024        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:05:25.0178 6024        IPMIDRV - ok
22:05:25.0208 6024        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:05:25.0266 6024        IPNAT - ok
22:05:25.0361 6024        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
22:05:25.0411 6024        iPod Service - ok
22:05:25.0449 6024        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:05:25.0505 6024        IRENUM - ok
22:05:25.0531 6024        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:05:25.0558 6024        isapnp - ok
22:05:25.0601 6024        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:05:25.0635 6024        iScsiPrt - ok
22:05:25.0656 6024        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:05:25.0680 6024        iteatapi - ok
22:05:25.0699 6024        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:05:25.0724 6024        iteraid - ok
22:05:25.0837 6024        jswpsapi        (723ba0aec942e91c0a9ce146e73deceb) C:\Program Files\Jumpstart\jswpsapi.exe
22:05:25.0911 6024        jswpsapi ( UnsignedFile.Multi.Generic ) - warning
22:05:25.0912 6024        jswpsapi - detected UnsignedFile.Multi.Generic (1)
22:05:25.0935 6024        jswpslwf        (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
22:05:25.0983 6024        jswpslwf - ok
22:05:26.0017 6024        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:05:26.0044 6024        kbdclass - ok
22:05:26.0060 6024        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
22:05:26.0124 6024        kbdhid - ok
22:05:26.0164 6024        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:26.0214 6024        KeyIso - ok
22:05:26.0273 6024        ksaud          (2be8c28f2139c9b767c970497936f600) C:\Windows\system32\drivers\ksaud.sys
22:05:26.0352 6024        ksaud - ok
22:05:26.0404 6024        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:05:26.0448 6024        KSecDD - ok
22:05:26.0507 6024        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
22:05:26.0574 6024        KtmRm - ok
22:05:26.0608 6024        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
22:05:26.0661 6024        LanmanServer - ok
22:05:26.0698 6024        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
22:05:26.0753 6024        LanmanWorkstation - ok
22:05:26.0811 6024        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:05:26.0866 6024        lltdio - ok
22:05:26.0902 6024        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
22:05:26.0966 6024        lltdsvc - ok
22:05:26.0994 6024        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
22:05:27.0101 6024        lmhosts - ok
22:05:27.0133 6024        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:05:27.0161 6024        LSI_FC - ok
22:05:27.0193 6024        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:05:27.0219 6024        LSI_SAS - ok
22:05:27.0262 6024        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:05:27.0291 6024        LSI_SCSI - ok
22:05:27.0317 6024        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:05:27.0384 6024        luafv - ok
22:05:27.0462 6024        LVUSBSta        (c7fcb579956b7fde002e6e9de36728d3) C:\Windows\system32\drivers\lvusbsta.sys
22:05:27.0520 6024        LVUSBSta - ok
22:05:27.0587 6024        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
22:05:27.0609 6024        MBAMProtector - ok
22:05:27.0691 6024        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:05:27.0738 6024        MBAMService - ok
22:05:27.0884 6024        McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:27.0912 6024        McAfee SiteAdvisor Service - ok
22:05:27.0923 6024        McMPFSvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:27.0949 6024        McMPFSvc - ok
22:05:27.0960 6024        mcmscsvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:27.0986 6024        mcmscsvc - ok
22:05:27.0996 6024        McNaiAnn        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:28.0022 6024        McNaiAnn - ok
22:05:28.0048 6024        McNASvc        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:28.0074 6024        McNASvc - ok
22:05:28.0186 6024        McODS          (e8c5aae17e8332f5f4f57935238cd5eb) C:\Program Files\McAfee\VirusScan\mcods.exe
22:05:28.0219 6024        McODS - ok
22:05:28.0231 6024        McProxy        (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:28.0257 6024        McProxy - ok
22:05:28.0330 6024        McShield        (151f3ca25b739b9cb0066abd1523f064) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:05:28.0357 6024        McShield - ok
22:05:28.0452 6024        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2svc.dll
22:05:28.0497 6024        Mcx2Svc - ok
22:05:28.0583 6024        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:05:28.0608 6024        megasas - ok
22:05:28.0672 6024        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:05:28.0720 6024        MegaSR - ok
22:05:28.0764 6024        mfeapfk        (36b47b1e9c537f8f2b4481084b8f7d22) C:\Windows\system32\drivers\mfeapfk.sys
22:05:28.0788 6024        mfeapfk - ok
22:05:28.0851 6024        mfeavfk        (cde41293db871a75cd99eb0ce781356b) C:\Windows\system32\drivers\mfeavfk.sys
22:05:28.0877 6024        mfeavfk - ok
22:05:28.0890 6024        mfeavfk01 - ok
22:05:28.0941 6024        mfebopk        (e22385f64bdf0ad81157479496e33c4a) C:\Windows\system32\drivers\mfebopk.sys
22:05:28.0964 6024        mfebopk - ok
22:05:29.0084 6024        mfefire        (26ba2eebcff16f611ce1118fa0850810) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:05:29.0109 6024        mfefire - ok
22:05:29.0218 6024        mfefirek        (215666a8a85023ef019b510cbb67f678) C:\Windows\system32\drivers\mfefirek.sys
22:05:29.0274 6024        mfefirek - ok
22:05:29.0380 6024        mfehidk        (56d330981866a72f061dd16cc5004513) C:\Windows\system32\drivers\mfehidk.sys
22:05:29.0417 6024        mfehidk - ok
22:05:29.0448 6024        mfenlfk        (b41bacc049cdb916a52b1448bf30d6ab) C:\Windows\system32\DRIVERS\mfenlfk.sys
22:05:29.0471 6024        mfenlfk - ok
22:05:29.0511 6024        mferkdet        (89b564d63c53fc0c6782ab07eea63acf) C:\Windows\system32\drivers\mferkdet.sys
22:05:29.0535 6024        mferkdet - ok
22:05:29.0599 6024        mferkdk        (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
22:05:29.0620 6024        mferkdk - ok
22:05:29.0663 6024        mfesmfk        (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
22:05:29.0685 6024        mfesmfk - ok
22:05:29.0761 6024        mfevtp          (e91c36e76e6395f233b3ae2ebc17251e) C:\Windows\system32\mfevtps.exe
22:05:29.0789 6024        mfevtp - ok
22:05:29.0830 6024        mfewfpk        (c2ff7473a60c0fb2df145ab686889653) C:\Windows\system32\drivers\mfewfpk.sys
22:05:29.0858 6024        mfewfpk - ok
22:05:29.0890 6024        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:05:29.0950 6024        MMCSS - ok
22:05:29.0993 6024        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:05:30.0049 6024        Modem - ok
22:05:30.0069 6024        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:05:30.0125 6024        monitor - ok
22:05:30.0140 6024        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:05:30.0166 6024        mouclass - ok
22:05:30.0187 6024        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:05:30.0242 6024        mouhid - ok
22:05:30.0263 6024        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:05:30.0290 6024        MountMgr - ok
22:05:30.0338 6024        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:05:30.0366 6024        mpio - ok
22:05:30.0397 6024        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:05:30.0446 6024        mpsdrv - ok
22:05:30.0490 6024        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
22:05:30.0549 6024        MpsSvc - ok
22:05:30.0591 6024        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:05:30.0616 6024        Mraid35x - ok
22:05:30.0648 6024        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:05:30.0686 6024        MRxDAV - ok
22:05:30.0723 6024        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:05:30.0803 6024        mrxsmb - ok
22:05:30.0847 6024        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:05:30.0897 6024        mrxsmb10 - ok
22:05:30.0923 6024        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:05:30.0959 6024        mrxsmb20 - ok
22:05:30.0999 6024        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:05:31.0025 6024        msahci - ok
22:05:31.0052 6024        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:05:31.0078 6024        msdsm - ok
22:05:31.0116 6024        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
22:05:31.0178 6024        MSDTC - ok
22:05:31.0209 6024        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:05:31.0265 6024        Msfs - ok
22:05:31.0321 6024        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:05:31.0346 6024        msisadrv - ok
22:05:31.0384 6024        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
22:05:31.0451 6024        MSiSCSI - ok
22:05:31.0464 6024        msiserver - ok
22:05:31.0578 6024        MSK80Service    (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:05:31.0603 6024        MSK80Service - ok
22:05:31.0732 6024        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:05:31.0787 6024        MSKSSRV - ok
22:05:31.0817 6024        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:05:31.0873 6024        MSPCLOCK - ok
22:05:31.0891 6024        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:05:31.0955 6024        MSPQM - ok
22:05:32.0004 6024        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:05:32.0035 6024        MsRPC - ok
22:05:32.0077 6024        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:05:32.0103 6024        mssmbios - ok
22:05:32.0147 6024        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:05:32.0203 6024        MSTEE - ok
22:05:32.0222 6024        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:05:32.0251 6024        Mup - ok
22:05:32.0291 6024        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
22:05:32.0346 6024        napagent - ok
22:05:32.0389 6024        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:05:32.0429 6024        NativeWifiP - ok
22:05:32.0498 6024        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:05:32.0543 6024        NDIS - ok
22:05:32.0585 6024        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:05:32.0631 6024        NdisTapi - ok
22:05:32.0653 6024        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:05:32.0711 6024        Ndisuio - ok
22:05:32.0769 6024        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:05:32.0818 6024        NdisWan - ok
22:05:32.0845 6024        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:05:32.0891 6024        NDProxy - ok
22:05:32.0925 6024        Netaapl        (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
22:05:32.0934 6024        Netaapl ( UnsignedFile.Multi.Generic ) - warning
22:05:32.0934 6024        Netaapl - detected UnsignedFile.Multi.Generic (1)
22:05:32.0951 6024        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:05:33.0008 6024        NetBIOS - ok
22:05:33.0050 6024        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:05:33.0102 6024        netbt - ok
22:05:33.0140 6024        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:33.0175 6024        Netlogon - ok
22:05:33.0214 6024        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
22:05:33.0279 6024        Netman - ok
22:05:33.0307 6024        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
22:05:33.0370 6024        netprofm - ok
22:05:33.0455 6024        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:05:33.0482 6024        NetTcpPortSharing - ok
22:05:33.0535 6024        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:05:33.0560 6024        nfrd960 - ok
22:05:33.0590 6024        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
22:05:33.0652 6024        NlaSvc - ok
22:05:33.0695 6024        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:05:33.0758 6024        Npfs - ok
22:05:33.0781 6024        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
22:05:33.0840 6024        nsi - ok
22:05:33.0875 6024        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:05:33.0943 6024        nsiproxy - ok
22:05:34.0011 6024        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:05:34.0149 6024        Ntfs - ok
22:05:34.0190 6024        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:05:34.0281 6024        ntrigdigi - ok
22:05:34.0302 6024        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:05:34.0358 6024        Null - ok
22:05:34.0386 6024        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:05:34.0414 6024        nvraid - ok
22:05:34.0446 6024        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:05:34.0472 6024        nvstor - ok
22:05:34.0499 6024        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:05:34.0528 6024        nv_agp - ok
22:05:34.0586 6024        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:05:34.0633 6024        ohci1394 - ok
22:05:34.0672 6024        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:34.0753 6024        p2pimsvc - ok
22:05:34.0794 6024        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:34.0847 6024        p2psvc - ok
22:05:34.0891 6024        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:05:34.0994 6024        Parport - ok
22:05:35.0025 6024        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:05:35.0053 6024        partmgr - ok
22:05:35.0079 6024        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:05:35.0186 6024        Parvdm - ok
22:05:35.0215 6024        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
22:05:35.0255 6024        PcaSvc - ok
22:05:35.0301 6024        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:05:35.0333 6024        pci - ok
22:05:35.0361 6024        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
22:05:35.0386 6024        pciide - ok
22:05:35.0420 6024        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:05:35.0448 6024        pcmcia - ok
22:05:35.0522 6024        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:05:35.0677 6024        PEAUTH - ok
22:05:35.0742 6024        PID_0928        (03e86718bb5aa2716c7349a854ff6203) C:\Windows\system32\DRIVERS\LV561AV.SYS
22:05:35.0780 6024        PID_0928 - ok
22:05:35.0879 6024        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
22:05:36.0070 6024        pla - ok
22:05:36.0118 6024        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
22:05:36.0178 6024        PlugPlay - ok
22:05:36.0241 6024        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:36.0313 6024        PNRPAutoReg - ok
22:05:36.0374 6024        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
22:05:36.0476 6024        PNRPsvc - ok
22:05:36.0554 6024        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
22:05:36.0632 6024        PolicyAgent - ok
22:05:36.0686 6024        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:05:36.0744 6024        PptpMiniport - ok
22:05:36.0783 6024        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:05:36.0838 6024        Processor - ok
22:05:36.0883 6024        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
22:05:36.0949 6024        ProfSvc - ok
22:05:36.0989 6024        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:37.0024 6024        ProtectedStorage - ok
22:05:37.0060 6024        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:05:37.0107 6024        PSched - ok
22:05:37.0166 6024        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
22:05:37.0190 6024        PxHelp20 - ok
22:05:37.0275 6024        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:05:37.0409 6024        ql2300 - ok
22:05:37.0445 6024        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:05:37.0472 6024        ql40xx - ok
22:05:37.0576 6024        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
22:05:37.0620 6024        QWAVE - ok
22:05:37.0689 6024        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:05:37.0730 6024        QWAVEdrv - ok
22:05:37.0753 6024        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:05:37.0809 6024        RasAcd - ok
22:05:37.0851 6024        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
22:05:37.0913 6024        RasAuto - ok
22:05:37.0932 6024        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:05:38.0001 6024        Rasl2tp - ok
22:05:38.0046 6024        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
22:05:38.0100 6024        RasMan - ok
22:05:38.0146 6024        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:05:38.0203 6024        RasPppoe - ok
22:05:38.0252 6024        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:05:38.0290 6024        RasSstp - ok
22:05:38.0332 6024        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:05:38.0385 6024        rdbss - ok
22:05:38.0421 6024        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:05:38.0477 6024        RDPCDD - ok
22:05:38.0513 6024        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:05:38.0573 6024        rdpdr - ok
22:05:38.0588 6024        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:05:38.0645 6024        RDPENCDD - ok
22:05:38.0689 6024        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
22:05:38.0739 6024        RDPWD - ok
22:05:38.0804 6024        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
22:05:38.0864 6024        RemoteAccess - ok
22:05:38.0912 6024        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
22:05:38.0964 6024        RemoteRegistry - ok
22:05:39.0031 6024        rimmptsk        (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:05:39.0082 6024        rimmptsk - ok
22:05:39.0102 6024        rimsptsk        (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:05:39.0146 6024        rimsptsk - ok
22:05:39.0161 6024        rismxdp        (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:05:39.0227 6024        rismxdp - ok
22:05:39.0254 6024        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
22:05:39.0291 6024        RpcLocator - ok
22:05:39.0352 6024        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
22:05:39.0441 6024        RpcSs - ok
22:05:39.0476 6024        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:05:39.0534 6024        rspndr - ok
22:05:39.0595 6024        RTL8169        (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
22:05:39.0666 6024        RTL8169 - ok
22:05:39.0740 6024        s1029bus        (69013a123a00b3042c260b0056df0152) C:\Windows\system32\DRIVERS\s1029bus.sys
22:05:39.0767 6024        s1029bus - ok
22:05:39.0796 6024        s1029mdfl      (1565fc31f872963fe8af471123d8424c) C:\Windows\system32\DRIVERS\s1029mdfl.sys
22:05:39.0817 6024        s1029mdfl - ok
22:05:39.0841 6024        s1029mdm        (d67a8042ecf6c983ac0e308b36603677) C:\Windows\system32\DRIVERS\s1029mdm.sys
22:05:39.0866 6024        s1029mdm - ok
22:05:39.0909 6024        s1029mgmt      (9ac56f06c1e13a963c82ebd067fdf274) C:\Windows\system32\DRIVERS\s1029mgmt.sys
22:05:39.0933 6024        s1029mgmt - ok
22:05:39.0997 6024        s1029nd5        (00c66c6baafb2747f15f94f15888c94a) C:\Windows\system32\DRIVERS\s1029nd5.sys
22:05:40.0017 6024        s1029nd5 - ok
22:05:40.0055 6024        s1029obex      (6fc093aba554e45755dc2f3896b6c8d7) C:\Windows\system32\DRIVERS\s1029obex.sys
22:05:40.0078 6024        s1029obex - ok
22:05:40.0114 6024        s1029unic      (9979b0e68815394665b2109b03d15fa1) C:\Windows\system32\DRIVERS\s1029unic.sys
22:05:40.0137 6024        s1029unic - ok
22:05:40.0171 6024        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
22:05:40.0206 6024        SamSs - ok
22:05:40.0246 6024        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:05:40.0273 6024        sbp2port - ok
22:05:40.0319 6024        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
22:05:40.0372 6024        SCardSvr - ok
22:05:40.0440 6024        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
22:05:40.0509 6024        Schedule - ok
22:05:40.0546 6024        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
22:05:40.0592 6024        SCPolicySvc - ok
22:05:40.0633 6024        sdbus          (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:05:40.0682 6024        sdbus - ok
22:05:40.0722 6024        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
22:05:40.0776 6024        SDRSVC - ok
22:05:40.0947 6024        SeaPort        (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:05:40.0975 6024        SeaPort - ok
22:05:41.0007 6024        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:05:41.0099 6024        secdrv - ok
22:05:41.0127 6024        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
22:05:41.0186 6024        seclogon - ok
22:05:41.0205 6024        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
22:05:41.0266 6024        SENS - ok
22:05:41.0293 6024        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:05:41.0384 6024        Serenum - ok
22:05:41.0411 6024        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:05:41.0514 6024        Serial - ok
22:05:41.0542 6024        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:05:41.0598 6024        sermouse - ok
22:05:41.0635 6024        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
22:05:41.0696 6024        SessionEnv - ok
22:05:41.0718 6024        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
22:05:41.0764 6024        sffdisk - ok
22:05:41.0796 6024        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:05:41.0852 6024        sffp_mmc - ok
22:05:41.0885 6024        sffp_sd        (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:05:41.0931 6024        sffp_sd - ok
22:05:41.0950 6024        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:05:42.0055 6024        sfloppy - ok
22:05:42.0091 6024        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
22:05:42.0155 6024        SharedAccess - ok
22:05:42.0199 6024        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
22:05:42.0252 6024        ShellHWDetection - ok
22:05:42.0320 6024        SipIMNDI        (1644c3814e0dae66cd68e39ffb97d869) C:\Windows\system32\DRIVERS\SipIMNDI.sys
22:05:42.0343 6024        SipIMNDI - ok
22:05:42.0381 6024        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:05:42.0408 6024        sisagp - ok
22:05:42.0432 6024        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:05:42.0459 6024        SiSRaid2 - ok
22:05:42.0479 6024        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:05:42.0506 6024        SiSRaid4 - ok
22:05:42.0647 6024        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
22:05:42.0849 6024        slsvc - ok
22:05:42.0894 6024        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
22:05:42.0945 6024        SLUINotify - ok
22:05:42.0992 6024        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:05:43.0041 6024        Smb - ok
22:05:43.0093 6024        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
22:05:43.0128 6024        SNMPTRAP - ok
22:05:43.0167 6024        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:05:43.0192 6024        spldr - ok
22:05:43.0239 6024        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
22:05:43.0295 6024        Spooler - ok
22:05:43.0324 6024        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:05:43.0414 6024        srv - ok
22:05:43.0454 6024        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:05:43.0509 6024        srv2 - ok
22:05:43.0543 6024        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:05:43.0579 6024        srvnet - ok
22:05:43.0614 6024        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
22:05:43.0676 6024        SSDPSRV - ok
22:05:43.0721 6024        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
22:05:43.0759 6024        SstpSvc - ok
22:05:43.0842 6024        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
22:05:43.0920 6024        stisvc - ok
22:05:43.0967 6024        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:05:43.0992 6024        swenum - ok
22:05:44.0038 6024        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
22:05:44.0097 6024        swprv - ok
22:05:44.0146 6024        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:05:44.0170 6024        Symc8xx - ok
22:05:44.0194 6024        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:05:44.0219 6024        Sym_hi - ok
22:05:44.0246 6024        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:05:44.0271 6024        Sym_u3 - ok
22:05:44.0303 6024        SynTP          (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
22:05:44.0334 6024        SynTP - ok
22:05:44.0383 6024        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
22:05:44.0448 6024        SysMain - ok
22:05:44.0479 6024        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
22:05:44.0518 6024        TabletInputService - ok
22:05:44.0556 6024        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
22:05:44.0610 6024        TapiSrv - ok
22:05:44.0630 6024        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
22:05:44.0691 6024        TBS - ok
22:05:44.0762 6024        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:05:44.0856 6024        Tcpip - ok
22:05:44.0890 6024        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:05:44.0964 6024        Tcpip6 - ok
22:05:45.0010 6024        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:05:45.0057 6024        tcpipreg - ok
22:05:45.0123 6024        tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:05:45.0171 6024        tdcmdpst - ok
22:05:45.0202 6024        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:05:45.0258 6024        TDPIPE - ok
22:05:45.0282 6024        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:05:45.0341 6024        TDTCP - ok
22:05:45.0392 6024        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:05:45.0443 6024        tdx - ok
22:05:45.0514 6024        TempoMonitoringService (ce0b5d587839614a16480d7b8395ffe9) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
22:05:45.0537 6024        TempoMonitoringService - ok
22:05:45.0562 6024        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:05:45.0591 6024        TermDD - ok
22:05:45.0645 6024        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
22:05:45.0727 6024        TermService - ok
22:05:45.0770 6024        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
22:05:45.0812 6024        Themes - ok
22:05:45.0856 6024        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
22:05:45.0914 6024        THREADORDER - ok
22:05:45.0958 6024        TODDSrv        (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
22:05:45.0987 6024        TODDSrv - ok
22:05:46.0085 6024        TosCoSrv        (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
22:05:46.0118 6024        TosCoSrv - ok
22:05:46.0159 6024        TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
22:05:46.0189 6024        TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
22:05:46.0189 6024        TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
22:05:46.0218 6024        tosrfec        (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
22:05:46.0257 6024        tosrfec - ok
22:05:46.0304 6024        tos_sps32      (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
22:05:46.0332 6024        tos_sps32 - ok
22:05:46.0368 6024        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
22:05:46.0430 6024        TrkWks - ok
22:05:46.0470 6024        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
22:05:46.0523 6024        TrustedInstaller - ok
22:05:46.0572 6024        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:05:46.0639 6024        tssecsrv - ok
22:05:46.0691 6024        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:05:46.0724 6024        tunmp - ok
22:05:46.0754 6024        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:05:46.0788 6024        tunnel - ok
22:05:46.0829 6024        TVALZ          (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:05:46.0850 6024        TVALZ - ok
22:05:46.0875 6024        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:05:46.0902 6024        uagp35 - ok
22:05:46.0943 6024        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:05:46.0996 6024        udfs - ok
22:05:47.0042 6024        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
22:05:47.0104 6024        UI0Detect - ok
22:05:47.0135 6024        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:05:47.0162 6024        uliagpkx - ok
22:05:47.0198 6024        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:05:47.0232 6024        uliahci - ok
22:05:47.0258 6024        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:05:47.0287 6024        UlSata - ok
22:05:47.0316 6024        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:05:47.0346 6024        ulsata2 - ok
22:05:47.0376 6024        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:05:47.0450 6024        umbus - ok
22:05:47.0498 6024        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
22:05:47.0563 6024        upnphost - ok
22:05:47.0616 6024        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:05:47.0660 6024        USBAAPL - ok
22:05:47.0733 6024        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
22:05:47.0779 6024        usbaudio - ok
22:05:47.0848 6024        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:05:47.0900 6024        usbccgp - ok
22:05:47.0925 6024        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:05:48.0027 6024        usbcir - ok
22:05:48.0094 6024        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:05:48.0143 6024        usbehci - ok
22:05:48.0200 6024        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:05:48.0253 6024        usbhub - ok
22:05:48.0283 6024        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:05:48.0384 6024        usbohci - ok
22:05:48.0420 6024        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:05:48.0479 6024        usbprint - ok
22:05:48.0522 6024        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:05:48.0575 6024        usbscan - ok
22:05:48.0616 6024        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:05:48.0679 6024        USBSTOR - ok
22:05:48.0717 6024        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:05:48.0766 6024        usbuhci - ok
22:05:48.0831 6024        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:05:48.0912 6024        usbvideo - ok
22:05:48.0958 6024        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
22:05:49.0016 6024        UxSms - ok
22:05:49.0067 6024        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
22:05:49.0159 6024        vds - ok
22:05:49.0205 6024        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:05:49.0263 6024        vga - ok
22:05:49.0300 6024        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:05:49.0373 6024        VgaSave - ok
22:05:49.0436 6024        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:05:49.0464 6024        viaagp - ok
22:05:49.0495 6024        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:05:49.0558 6024        ViaC7 - ok
22:05:49.0591 6024        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:05:49.0618 6024        viaide - ok
22:05:49.0665 6024        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:05:49.0693 6024        volmgr - ok
22:05:49.0746 6024        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:05:49.0793 6024        volmgrx - ok
22:05:49.0838 6024        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:05:49.0872 6024        volsnap - ok
22:05:49.0935 6024        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:05:49.0963 6024        vsmraid - ok
22:05:50.0025 6024        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
22:05:50.0151 6024        VSS - ok
22:05:50.0196 6024        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
22:05:50.0253 6024        W32Time - ok
22:05:50.0292 6024        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:05:50.0390 6024        WacomPen - ok
22:05:50.0433 6024        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:05:50.0506 6024        Wanarp - ok
22:05:50.0524 6024        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:05:50.0572 6024        Wanarpv6 - ok
22:05:50.0622 6024        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
22:05:50.0699 6024        wcncsvc - ok
22:05:50.0747 6024        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
22:05:50.0800 6024        WcsPlugInService - ok
22:05:50.0853 6024        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:05:50.0881 6024        Wd - ok
22:05:50.0954 6024        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:05:51.0011 6024        Wdf01000 - ok
22:05:51.0049 6024        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:05:51.0113 6024        WdiServiceHost - ok
22:05:51.0120 6024        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
22:05:51.0184 6024        WdiSystemHost - ok
22:05:51.0229 6024        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
22:05:51.0273 6024        WebClient - ok
22:05:51.0330 6024        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
22:05:51.0402 6024        Wecsvc - ok
22:05:51.0439 6024        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
22:05:51.0492 6024        wercplsupport - ok
22:05:51.0540 6024        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
22:05:51.0594 6024        WerSvc - ok
22:05:51.0679 6024        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
22:05:51.0713 6024        WinDefend - ok
22:05:51.0729 6024        WinHttpAutoProxySvc - ok
22:05:51.0795 6024        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
22:05:51.0846 6024        Winmgmt - ok
22:05:51.0923 6024        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
22:05:52.0026 6024        WinRM - ok
22:05:52.0097 6024        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
22:05:52.0169 6024        Wlansvc - ok
22:05:52.0218 6024        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:05:52.0265 6024        WmiAcpi - ok
22:05:52.0351 6024        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
22:05:52.0421 6024        wmiApSrv - ok
22:05:52.0498 6024        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:05:52.0650 6024        WMPNetworkSvc - ok
22:05:52.0764 6024        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
22:05:52.0820 6024        WPCSvc - ok
22:05:52.0884 6024        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
22:05:52.0927 6024        WPDBusEnum - ok
22:05:53.0017 6024        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:05:53.0051 6024        WpdUsb - ok
22:05:53.0193 6024        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:05:53.0267 6024        WPFFontCache_v0400 - ok
22:05:53.0333 6024        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:05:53.0392 6024        ws2ifsl - ok
22:05:53.0463 6024        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
22:05:53.0517 6024        wscsvc - ok
22:05:53.0536 6024        WSearch - ok
22:05:53.0638 6024        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
22:05:53.0776 6024        wuauserv - ok
22:05:53.0872 6024        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:05:53.0931 6024        WUDFRd - ok
22:05:53.0972 6024        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
22:05:54.0036 6024        wudfsvc - ok
22:05:54.0113 6024        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:05:54.0296 6024        \Device\Harddisk0\DR0 - ok
22:05:54.0302 6024        Boot (0x1200)  (5a23849b73d7fd867aadc5a8246d8408) \Device\Harddisk0\DR0\Partition0
22:05:54.0304 6024        \Device\Harddisk0\DR0\Partition0 - ok
22:05:54.0334 6024        Boot (0x1200)  (33904090a71228b77843748973e3911f) \Device\Harddisk0\DR0\Partition1
22:05:54.0336 6024        \Device\Harddisk0\DR0\Partition1 - ok
22:05:54.0342 6024        ============================================================
22:05:54.0342 6024        Scan finished
22:05:54.0342 6024        ============================================================
22:05:54.0367 5460        Detected object count: 7
22:05:54.0368 5460        Actual detected object count: 7
22:06:33.0105 5460        ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0105 5460        ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0111 5460        Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0111 5460        Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0119 5460        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0119 5460        Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0124 5460        CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0124 5460        CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0130 5460        jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0130 5460        jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0136 5460        Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0136 5460        Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:06:33.0141 5460        TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:06:33.0141 5460        TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 27.03.2012 21:23

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Sabrina155 27.03.2012 21:36

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-03-27 22:35:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.01.0
Running: 2ib3q81v.exe; Driver: C:\Users\Sabrina\AppData\Local\Temp\fwtoqpow.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwMapViewOfSection [0x8AF88498]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwTerminateProcess [0x8AF884C2]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwUnmapViewOfSection [0x8AF884AE]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwYieldExecution [0x8AF88484]
Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                    mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                    mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                    Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                    Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:33:32 on 27.03.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CreativeAudioConsole" - "Creative Technology Ltd" - C:\Program Files\Creative\Sound Blaster X-Fi Surround 5.1\AudioCS\CTAudCS.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device Ethernet Service" (Netaapl) - "Apple Inc." - C:\Windows\System32\DRIVERS\netaapl.sys
"catchme" (catchme) - ? - C:\Users\Sabrina\AppData\Local\Temp\catchme.sys  (File not found)
"fwtoqpow" (fwtoqpow) - ? - C:\Users\Sabrina\AppData\Local\Temp\fwtoqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"McAfee Inc." (mfeavfk01) - ? - C:\Windows\system32\drivers\mfeavfk01.sys  (File not found)
"McAfee Inc. mferkdk" (mferkdk) - "McAfee, Inc." - C:\Windows\System32\drivers\mferkdk.sys
"McAfee Inc. mfesmfk" (mfesmfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfesmfk.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Sony Ericsson Device 1029 driver (WDM)" (s1029bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029bus.sys
"Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)" (s1029nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029nd5.sys
"Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)" (s1029unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029unic.sys
"Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)" (s1029mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029mgmt.sys
"Sony Ericsson Device 1029 USB WMC Modem Driver" (s1029mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029mdm.sys
"Sony Ericsson Device 1029 USB WMC Modem Filter" (s1029mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029mdfl.sys
"Sony Ericsson Device 1029 USB WMC OBEX Interface" (s1029obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1029obex.sys

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{3EF5086B-5478-4598-A054-786C45D75692} "McInternetProtocolRoot Class" - "McAfee, Inc." - c:\progra~1\mcafee\msc\mcsniepl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{C9CF278C-460E-4917-BC43-3F75E6E47D3D} "fluxDVD Shell Information Extractor" - "ACE GmbH" - C:\PROGRA~1\COMMON~1\fluxDVD\Lib\XEB\XEBShell.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson Datei-Manager" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - ? - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll  (File not found) / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\progra~1\mcafee\sitead~1\mcieplg.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120322184642.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"EADM" - "Electronic Arts" - "C:\Program Files\Origin\Origin.exe" -AutoStart
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"mcui_exe" - "McAfee, Inc." - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"CutePDF Writer Monitor" - ? - C:\Windows\system32\cpwmon2k.dll  (File found, but it contains no detailed information)
"EPSON Stylus D78 Series 32MonitorBE" - "SEIKO EPSON CORPORATION" - C:\Windows\system32\E_FLBBGE.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe  (File not found)
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
"Creative ALchemy AL6 Licensing Service" (Creative ALchemy AL6 Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
"Creative Audio Engine Licensing Service" (Creative Audio Engine Licensing Service) - "Creative Labs" - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
"Creative Audio Service" (CTAudSvcService) - "Creative Technology Ltd" - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - ? - C:\Program Files\Google\Update\GoogleUpdate.exe /svc  (File not found)
"Google Update-Dienst (gupdatem)" (gupdatem) - ? - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc  (File not found)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Program Files\Jumpstart\jswpsapi.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee Anti-Spam Service" (MSK80Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Personal Firewall Service" (McMPFSvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Windows\system32\mfevtps.exe
"McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Notebook Performance Tuning Service " (TempoMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"TOSHIBA SMART Log Service" (TOSHIBA SMART Log Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 22:34:25
-----------------------------
22:34:25.994    OS Version: Windows 6.0.6002 Service Pack 2
22:34:25.994    Number of processors: 2 586 0xF0D
22:34:25.994    ComputerName: BINAS-PC  UserName: Sabrina
22:34:27.913    Initialize success
22:36:01.051    AVAST engine defs: 12032701
22:36:11.800    The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"
22:36:17.515    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:36:17.515    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
22:36:17.578    Disk 0 MBR read successfully
22:36:17.578    Disk 0 MBR scan
22:36:17.593    Disk 0 Windows VISTA default MBR code
22:36:17.609    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        1500 MB offset 2048
22:36:17.624    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      119078 MB offset 3074048
22:36:17.656    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      117895 MB offset 246945792
22:36:17.671    Disk 0 scanning sectors +488395120
22:36:17.765    Disk 0 scanning C:\Windows\system32\drivers
22:36:31.384    Service scanning
22:36:59.604    Modules scanning
22:37:05.126    Disk 0 trace - called modules:
22:37:05.158    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:37:05.173    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86c30288]
22:37:05.189    3 CLASSPNP.SYS[8afc58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8617b028]
22:37:06.546    AVAST engine scan C:\Windows
22:37:10.446    AVAST engine scan C:\Windows\system32
22:43:16.083    AVAST engine scan C:\Windows\system32\drivers
22:43:43.492    AVAST engine scan C:\Users\Sabrina
22:44:35.877    Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat"
22:44:35.939    The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"
22:45:10.005    File: C:\Users\Sabrina\AppData\Local\temp\_av4_\data\aswar0.dll  **INFECTED** Win32:Malware-gen
22:45:10.286    File: C:\Users\Sabrina\AppData\Local\temp\_av4_\data\updldr0.bin  **INFECTED** Win32:Malware-gen
23:00:43.986    AVAST engine scan C:\ProgramData
23:06:20.004    Scan finished successfully
23:07:14.838    Disk 0 MBR has been saved successfully to "C:\Users\Sabrina\Desktop\MBR.dat"
23:07:14.869    The log file has been saved successfully to "C:\Users\Sabrina\Desktop\aswMBR.txt"


cosinus 28.03.2012 10:09

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Sabrina155 28.03.2012 19:01

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/28/2012 at 01:59 PM

Application Version : 5.0.1146

Core Rules Database Version : 8389
Trace Rules Database Version: 6201

Scan type      : Complete Scan
Total Scan Time : 01:34:23

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 686
Memory threats detected  : 0
Registry items scanned    : 34314
Registry threats detected : 0
File items scanned        : 54664
File threats detected    : 26

Adware.Tracking Cookie
        delivery.ibanner.de [ C:\USERS\JACK FRANK\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\YBR2B8UA ]
        .msnportal.112.2o7.net [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .unitymedia.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .unitymedia.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .tracking.quisma.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        ad.zanox.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .zanox-affiliate.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .adfarm1.adition.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        adfarm1.adition.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .webmasterplan.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .2o7.net [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .traffictrack.de [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .atdmt.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .imrworldwide.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .imrworldwide.com [ C:\USERS\SABRINA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .lfstmedia.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
        tracking.mobile.de [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
        a.visualrevenue.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\SABRINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\382G54K6.DEFAULT\COOKIES.SQLITE ]


cosinus 29.03.2012 10:30

Only cookies. What about Malwarebytes?

Sabrina155 29.03.2012 21:24

Sorry.
I had forgotten that. Here is the log:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19190
Sabrina :: BINAS-PC [Administrator]

Schutz: Aktiviert

29.03.2012 18:57:43
mbam-log-2012-03-29 (18-57-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364527
Laufzeit: 2 Stunde(n), 58 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 29.03.2012 21:44

Looks OK, only cookies were found there.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)

Is your system back in order now, or are there still other detections or problems?

Sabrina155 29.03.2012 21:51

All right. Great!! A thousand thanks. I already thought I would have to get rid of the laptop. How do I get rid of these cookies, or do you just leave them?
The only problem I have is 2 links that Firefox has saved. One from Facebook: some photo link, and a link from the bank, which worries me rather more. Apart from that, my clock sometimes did not work, but it is running again now. Could that have had something to do with it?


All times are WET +1. The time is now 01:38.
