Trojaner-Board

Franzi-654 22.09.2011 21:31

Folders are only displayed as shortcuts
 
Hello,
the folders on my external storage media (USB stick, hard drive) are now only shown as shortcuts. The folders are supposedly only 2 KB in size, although the hard drive still uses its full capacity. Whenever I try to access a folder, Windows reports that "G:\RECYLER\~\~.exe" could not be found. (I no longer remember the name of the .exe.) I found out that it is probably a virus, but I don't know what to do next. Do you have any advice for me?

Many thanks in advance for the help!

Best regards
Franzi-654

cosinus 22.09.2011 21:35

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from earlier Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Franzi-654 23.09.2011 22:56

First of all, thank you very much for the detailed description and precise answer. Even I, a complete "know-nothing", understood it.
This is the content of the log file. (I have also added the content as an attachment.)
How should I proceed now?

Best regards, Franzi


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=02016d6e571cab4a9ff0113f04d5ea21
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-23 06:37:02
# local_time=2011-09-23 09:37:02 (+0300, Ostafrikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 971378 53330100 1035420 0
# compatibility_mode=5121 16777213 100 75 26535818 30313211 0 0
# compatibility_mode=5893 16776574 66 85 34388956 68426729 0 0
# compatibility_mode=8192 67108863 100 0 464 464 0 0
# scanned=219635
# found=21
# cleaned=0
# scan_time=6143
C:\Users\Franzi\AppData\Local\Temp\hnimjkkubi Win32/Agent.TBW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Franzi\Desktop\Tansania September 11\18-19 September.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\17.09.11.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\18-19 September.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Action.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Asterix.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Bedtime Stories.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Comedy.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Die Madagascar Pinguine in vorweihnatlicher Mission.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Dr. House.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Horror.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\How I met your mother.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\New Moon.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\ohr.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Simpsons.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Sissi.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\The Dark Knight (2008).lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Vorstadtkrokodile.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Zoey 101.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I

Franzi-654 24.09.2011 10:43

Here is the malware file as well.
I hope it works now.
Thank you.

Best regards

cosinus 24.09.2011 12:11

You did not run a CustomScan beforehand; please do that now.

CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Franzi-654 24.09.2011 13:18

So, this is the OTL.txt now.
OTL logfile:
Code:

OTL logfile created on: 24.09.2011 14:44:02 - Run 2
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Franzi\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 74,20% Memory free
7,73 Gb Paging File | 6,06 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 174,57 Gb Free Space | 61,25% Space Free | Partition Type: NTFS
Drive D: | 902,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 14,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.22 23:04:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
PRC - [2011.08.30 19:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.07.08 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 01:10:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 16:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 15:26:55 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010.06.28 16:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.22 09:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 09:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 09:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.05.27 05:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.04.13 19:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 19:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 07:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 07:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 08:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 08:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.15 18:39:02 | 000,536,576 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
PRC - [2009.12.08 09:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.02.23 16:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.17 13:00:23 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92ee010af637035fb97f1829235176c8\IAStorUtil.ni.dll
MOD - [2011.08.15 12:50:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011.08.15 12:49:39 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011.08.15 12:49:31 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011.08.15 12:49:19 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011.08.15 12:49:14 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011.08.15 12:49:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011.08.15 12:49:04 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011.06.21 16:07:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2010.11.04 22:04:16 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010.08.21 19:20:47 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.21 19:20:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.06.28 16:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.12.15 18:39:02 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
MOD - [2009.12.15 18:39:02 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll
MOD - [2009.12.15 18:39:02 | 000,536,576 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
MOD - [2009.12.15 18:39:02 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll
MOD - [2009.12.15 18:39:02 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll
MOD - [2009.12.15 18:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\CallPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
MOD - [2009.12.15 18:39:02 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
MOD - [2009.12.15 18:39:02 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll
MOD - [2009.05.20 09:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.10.14 00:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010.10.14 00:28:54 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010.10.07 23:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010.05.27 07:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010.03.10 12:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009.11.09 21:58:48 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV - [2011.08.30 19:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.08 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 01:10:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.14 00:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2010.07.13 14:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.22 09:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 19:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 07:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 07:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.08 11:53:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.08 11:53:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 09:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 09:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.14 00:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.10.14 00:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010.10.14 00:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010.10.14 00:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.10.14 00:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.10.14 00:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.10.14 00:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010.10.14 00:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010.07.09 06:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.07.01 19:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010.06.17 12:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.27 08:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 07:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.15 15:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 13:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.20 05:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 13:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.15 11:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010.03.15 11:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010.03.15 11:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010.03.15 11:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010.03.15 11:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010.03.15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2010.01.27 06:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.19 16:06:43 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.10.26 10:01:40 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.17 08:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273611108145l04h4z105v47m2255o
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273611108145l04h4z105v47m2255o
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273611108145l04h4z105v47m2255o
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Franzi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.09.20 22:41:23 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: McAfee SiteAdvisor = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1_0\
CHR - Extension: McAfee SiteAdvisor = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\
 
O1 HOSTS File: ([2010.11.22 19:32:32 | 000,000,765 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101105231845.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101105231845.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{551AE57A-BE3A-48C5-835C-5BFC0C2FFED3}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: mfevtp - C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.24 12:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.09.23 19:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.23 19:40:02 | 003,227,592 | ---- | C] (TeamViewer GmbH) -- C:\Users\Franzi\Desktop\TeamViewer_Setup_de.exe
[2011.09.22 23:04:31 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2011.09.22 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.09.22 21:40:47 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2011.09.22 21:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.22 21:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.22 21:40:31 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.22 21:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.22 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2011.09.22 18:25:16 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Start Menu
[2011.09.20 16:35:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.06 07:54:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.09.05 23:28:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.09.05 23:28:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.09.05 18:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.09.05 18:04:10 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011.09.05 18:04:10 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011.09.05 18:04:10 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2011.09.05 18:04:10 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011.09.05 18:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2011.09.04 22:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2011.09.04 15:42:13 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Tansania September 11
[2011.08.29 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Abschiedsparty
[2011.08.29 11:56:41 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\PhoenixDll.dll
[2011.08.29 11:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery-Home
[2011.08.29 11:51:46 | 005,395,968 | ---- | C] (Stellar Information Systems Ltd                            ) -- C:\Users\Franzi\Desktop\StellarPhoenixWindowsDataRecovery-Home_PPCC.exe
[2011.08.28 16:33:50 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Media Player Classic
[2011.08.28 16:33:47 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\mplayerc_2kxp_6490_DE
[2011.08.28 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.08.28 16:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011.08.27 23:34:16 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\Microsoft Games
[2010.12.29 15:59:39 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeAE20.dll
[2010.08.21 09:49:23 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2 C:\Users\Franzi\Documents\*.tmp files -> C:\Users\Franzi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.24 14:46:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.24 14:46:22 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.24 14:46:22 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.24 14:46:22 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.24 14:46:22 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.24 14:11:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.24 14:03:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.24 12:41:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 12:41:55 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 12:34:51 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.24 12:34:49 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011.09.24 12:33:55 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.23 19:40:02 | 003,227,592 | ---- | M] (TeamViewer GmbH) -- C:\Users\Franzi\Desktop\TeamViewer_Setup_de.exe
[2011.09.22 23:28:31 | 000,015,368 | ---- | M] () -- C:\Users\Franzi\Desktop\OTL.zip
[2011.09.22 23:04:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2011.09.22 22:59:13 | 000,000,000 | ---- | M] () -- C:\Users\Franzi\defogger_reenable
[2011.09.22 22:58:20 | 000,050,477 | ---- | M] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2011.09.22 22:31:26 | 433,513,479 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.22 21:40:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 20:44:19 | 000,000,824 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK
[2011.09.22 20:43:50 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED
[2011.09.22 18:30:36 | 000,000,973 | ---- | M] () -- C:\Users\Franzi\Desktop\Unbekanntes Gerät - Verknüpfung.lnk
[2011.09.22 18:23:10 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G
[2011.09.21 16:12:42 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.09.05 18:04:16 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.29 12:02:43 | 000,000,620 | ---- | M] () -- C:\Users\Franzi\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2011.08.29 11:51:46 | 005,395,968 | ---- | M] (Stellar Information Systems Ltd                            ) -- C:\Users\Franzi\Desktop\StellarPhoenixWindowsDataRecovery-Home_PPCC.exe
[2011.08.28 16:30:37 | 002,294,580 | ---- | M] () -- C:\Users\Franzi\Desktop\mplayerc_2kxp_6490_DE.zip
[2011.08.28 16:28:31 | 000,284,920 | ---- | M] () -- C:\Users\Franzi\Desktop\SoftonicDownloader_fuer_media-player-classic.exe
[2 C:\Users\Franzi\Documents\*.tmp files -> C:\Users\Franzi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.22 23:28:31 | 000,015,368 | ---- | C] () -- C:\Users\Franzi\Desktop\OTL.zip
[2011.09.22 22:59:13 | 000,000,000 | ---- | C] () -- C:\Users\Franzi\defogger_reenable
[2011.09.22 22:58:13 | 000,050,477 | ---- | C] () -- C:\Users\Franzi\Desktop\Defogger.exe
[2011.09.22 22:42:56 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.09.22 21:40:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 20:44:19 | 000,000,824 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK
[2011.09.22 20:43:50 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED
[2011.09.22 18:30:36 | 000,000,973 | ---- | C] () -- C:\Users\Franzi\Desktop\Unbekanntes Gerät - Verknüpfung.lnk
[2011.09.22 18:23:10 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G
[2011.09.05 18:04:16 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.08.29 11:56:42 | 000,000,620 | ---- | C] () -- C:\Users\Franzi\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2011.08.29 11:56:41 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\StellarProfile.dll
[2011.08.29 11:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\spwdrhag.INI
[2011.08.28 16:30:29 | 002,294,580 | ---- | C] () -- C:\Users\Franzi\Desktop\mplayerc_2kxp_6490_DE.zip
[2011.08.28 16:28:26 | 000,284,920 | ---- | C] () -- C:\Users\Franzi\Desktop\SoftonicDownloader_fuer_media-player-classic.exe
[2011.04.09 21:28:09 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.21 09:49:23 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.08.21 09:49:23 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.08.21 09:49:23 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.08.21 09:37:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.21 09:31:39 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.13 15:07:42 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.13 14:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.13 14:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.07.13 14:15:32 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2009.07.14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.01 11:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
 
========== LOP Check ==========
 
[2011.04.05 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\PhotoScape
[2010.12.29 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony
[2010.12.29 15:56:28 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony Setup
[2011.09.22 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2009.07.14 08:08:49 | 000,030,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.03 22:35:54 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Adobe
[2011.02.02 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Avira
[2011.01.09 15:53:03 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\CyberLink
[2010.11.05 18:10:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Google
[2010.11.05 18:04:32 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Identities
[2010.11.05 18:05:05 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Intel Corporation
[2010.11.05 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Macromedia
[2011.09.22 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2009.07.14 10:44:38 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Center Programs
[2011.08.28 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Player Classic
[2011.06.22 14:35:19 | 000,000,000 | --SD | M] -- C:\Users\Franzi\AppData\Roaming\Microsoft
[2011.04.05 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\PhotoScape
[2011.09.22 21:57:55 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Skype
[2010.12.29 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony
[2010.12.29 15:56:28 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony Setup
[2011.09.22 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2011.04.09 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.12.29 15:58:05 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Users\Franzi\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 04:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 04:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 16:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 09:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 09:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 09:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 09:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 09:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 09:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 04:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 04:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 04:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 04:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 16:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 15:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 04:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 04:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 09:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 09:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 09:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 09:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 09:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 09:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 16:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 04:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 04:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 15:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 16:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 15:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 04:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 04:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 04:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 04:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 16:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 16:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 16:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 10:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 09:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 09:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 03:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 03:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

--- --- ---

Many thanks

Best regards, Franzi

cosinus 24.09.2011 13:43

Quote:

SRV - [2011.04.28 01:10:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.10.14 00:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
These two virus scanners should not be run together. Uninstall one of them.

Franzi-654 24.09.2011 17:04

Thank you very much for the hint and your patience.
I have now deleted McAfee. What is the next step?

Best regards,
Franzi

cosinus 24.09.2011 17:05

Please create a new OTL custom log (see the instructions above).

Franzi-654 24.09.2011 19:14

Here it is again: OTL logfile:
Code:

OTL logfile created on: 24.09.2011 20:10:10 - Run 5
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Franzi\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 61,84% Memory free
7,73 Gb Paging File | 6,16 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 180,88 Gb Free Space | 63,47% Space Free | Partition Type: NTFS
Drive D: | 902,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 14,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 596,17 Gb Total Space | 91,84 Gb Free Space | 15,40% Space Free | Partition Type: NTFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.22 23:04:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
PRC - [2011.08.30 19:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.07.08 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 01:10:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.14 13:32:42 | 000,329,432 | ---- | M] (facemoods.com) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
PRC - [2011.01.10 16:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 15:26:55 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010.06.28 16:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.22 09:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 09:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 09:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.05.27 05:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.04.13 19:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 19:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 07:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 07:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 08:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 08:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.15 18:39:02 | 000,536,576 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
PRC - [2009.12.08 09:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.02.23 16:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.17 13:00:23 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92ee010af637035fb97f1829235176c8\IAStorUtil.ni.dll
MOD - [2011.08.15 12:50:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011.08.15 12:49:39 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011.08.15 12:49:31 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011.08.15 12:49:19 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011.08.15 12:49:14 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011.08.15 12:49:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011.08.15 12:49:04 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011.06.21 16:07:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2010.11.04 22:04:16 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010.08.21 19:20:47 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.21 19:20:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.06.28 16:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.12.15 18:39:02 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
MOD - [2009.12.15 18:39:02 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll
MOD - [2009.12.15 18:39:02 | 000,536,576 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
MOD - [2009.12.15 18:39:02 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll
MOD - [2009.12.15 18:39:02 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll
MOD - [2009.12.15 18:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\CallPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
MOD - [2009.12.15 18:39:02 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
MOD - [2009.12.15 18:39:02 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll
MOD - [2009.05.20 09:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.05.27 07:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.09 21:58:48 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV - [2011.08.30 19:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.08 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 01:10:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.13 14:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.22 09:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 19:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 07:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 07:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.08 11:53:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.08 11:53:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 09:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 09:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.09 06:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.07.01 19:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010.06.17 12:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.27 08:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 07:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.15 15:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 13:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.20 05:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 13:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.15 11:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010.03.15 11:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010.03.15 11:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010.03.15 11:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010.03.15 11:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010.03.15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2010.01.27 06:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.19 16:06:43 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.10.26 10:01:40 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.17 08:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Franzi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: McAfee SiteAdvisor = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1_0\
CHR - Extension: McAfee SiteAdvisor = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\
 
O1 HOSTS File: ([2010.11.22 19:32:32 | 000,000,765 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{359E01F3-3474-4347-AC4E-BB6ED6028C65}: NameServer = 41.204.128.15 41.204.129.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{551AE57A-BE3A-48C5-835C-5BFC0C2FFED3}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.02 17:16:48 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - Unable to obtain root file information for disk G:\
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2009.08.22 21:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.24 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Virus Problem
[2011.09.23 19:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.22 23:04:31 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2011.09.22 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.09.22 21:40:47 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2011.09.22 21:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.22 21:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.22 21:40:31 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.22 21:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.22 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2011.09.22 18:25:16 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Start Menu
[2011.09.20 16:35:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.09.06 07:54:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.09.05 23:28:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.09.05 23:28:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.09.05 18:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.09.05 18:04:10 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011.09.05 18:04:10 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011.09.05 18:04:10 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2011.09.05 18:04:10 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011.09.05 18:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2011.09.04 22:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2011.09.04 15:42:13 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Tansania September 11
[2011.08.29 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Abschiedsparty
[2011.08.29 11:56:41 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\PhoenixDll.dll
[2011.08.29 11:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery-Home
[2011.08.29 11:51:46 | 005,395,968 | ---- | C] (Stellar Information Systems Ltd                            ) -- C:\Users\Franzi\Desktop\StellarPhoenixWindowsDataRecovery-Home_PPCC.exe
[2011.08.28 16:33:50 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Media Player Classic
[2011.08.28 16:33:47 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\mplayerc_2kxp_6490_DE
[2011.08.28 16:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.08.28 16:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011.08.27 23:34:16 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Local\Microsoft Games
[2010.12.29 15:59:39 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeAE20.dll
[2010.08.21 09:49:23 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2 C:\Users\Franzi\Documents\*.tmp files -> C:\Users\Franzi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.24 20:11:27 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.24 20:11:27 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.24 20:11:27 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.24 20:11:27 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.24 20:11:27 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.24 20:11:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.24 19:00:24 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 19:00:24 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 18:51:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.24 18:50:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.24 18:50:08 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.22 23:04:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2011.09.22 22:59:13 | 000,000,000 | ---- | M] () -- C:\Users\Franzi\defogger_reenable
[2011.09.22 22:31:26 | 433,513,479 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.22 21:40:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 20:44:19 | 000,000,824 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK
[2011.09.22 20:43:50 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED
[2011.09.22 18:23:10 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G
[2011.09.21 16:12:42 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.09.05 18:04:16 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.29 12:02:43 | 000,000,620 | ---- | M] () -- C:\Users\Franzi\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2011.08.29 11:51:46 | 005,395,968 | ---- | M] (Stellar Information Systems Ltd                            ) -- C:\Users\Franzi\Desktop\StellarPhoenixWindowsDataRecovery-Home_PPCC.exe
[2011.08.28 16:30:37 | 002,294,580 | ---- | M] () -- C:\Users\Franzi\Desktop\mplayerc_2kxp_6490_DE.zip
[2011.08.28 16:28:31 | 000,284,920 | ---- | M] () -- C:\Users\Franzi\Desktop\SoftonicDownloader_fuer_media-player-classic.exe
[2 C:\Users\Franzi\Documents\*.tmp files -> C:\Users\Franzi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.22 22:59:13 | 000,000,000 | ---- | C] () -- C:\Users\Franzi\defogger_reenable
[2011.09.22 22:42:56 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.09.22 21:40:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 20:44:19 | 000,000,824 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK
[2011.09.22 20:43:50 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED
[2011.09.22 18:23:10 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G
[2011.09.05 18:04:16 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.08.29 11:56:42 | 000,000,620 | ---- | C] () -- C:\Users\Franzi\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2011.08.29 11:56:41 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\StellarProfile.dll
[2011.08.29 11:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\spwdrhag.INI
[2011.08.28 16:30:29 | 002,294,580 | ---- | C] () -- C:\Users\Franzi\Desktop\mplayerc_2kxp_6490_DE.zip
[2011.08.28 16:28:26 | 000,284,920 | ---- | C] () -- C:\Users\Franzi\Desktop\SoftonicDownloader_fuer_media-player-classic.exe
[2011.04.09 21:28:09 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.21 09:49:23 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.08.21 09:49:23 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.08.21 09:49:23 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.08.21 09:37:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.21 09:31:39 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.13 15:07:42 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.13 14:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.13 14:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.07.13 14:15:32 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2009.07.14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.01 11:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
 
========== LOP Check ==========
 
[2011.04.05 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\PhotoScape
[2010.12.29 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony
[2010.12.29 15:56:28 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony Setup
[2011.09.22 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2009.07.14 08:08:49 | 000,030,842 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

--- --- ---

Regards, Franzi

Franzi-654 27.09.2011 14:34

Hello,
how should I proceed with my trojan problem now? I hope there is still a way to get everything back under control.
Many thanks in advance, and kind and patient regards from faraway Tanzania, where I am at the moment.
Franzi

cosinus 27.09.2011 15:12

Sorry, I overlooked your post. That can happen with the 150 postings I write per day ;)

Unfortunately you did not run a CustomScan. I wanted to see a new log from that.

Franzi-654 27.09.2011 18:34

I hope I have done it correctly now :) I am very sorry that I am being a bit clumsy about this, but I am a complete newcomer to this system!
OTL logfile:
Code:

OTL logfile created on: 27.09.2011 19:04:27 - Run 6
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Franzi\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 67,16% Memory free
7,73 Gb Paging File | 6,07 Gb Available in Paging File | 78,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,99 Gb Total Space | 181,20 Gb Free Space | 63,58% Space Free | Partition Type: NTFS
Drive D: | 902,87 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.22 23:04:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
PRC - [2011.08.30 19:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.07.08 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 01:10:03 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 16:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.07 15:26:55 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010.06.28 16:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.22 09:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.06.22 09:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.22 09:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.05.27 05:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010.04.13 19:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 19:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.18 07:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.18 07:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.03.11 08:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 08:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.12.15 18:39:02 | 000,536,576 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
PRC - [2009.12.08 09:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.02.23 16:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.17 13:00:23 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92ee010af637035fb97f1829235176c8\IAStorUtil.ni.dll
MOD - [2011.08.15 12:50:12 | 011,807,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1f8e3dde1c848c4c5ee635aa0dcfcfdd\System.Web.ni.dll
MOD - [2011.08.15 12:50:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\456d5e9d3a0a37697ab28c150e9ac5b7\System.Runtime.Remoting.ni.dll
MOD - [2011.08.15 12:49:39 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad9c2f4737e1e07fa774af31a7d74235\System.Windows.Forms.ni.dll
MOD - [2011.08.15 12:49:31 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eba4ec48e3f7f16864c6d96f510fafd9\System.Drawing.ni.dll
MOD - [2011.08.15 12:49:19 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cea5d9b8e3d6ff3bf3be32cf5fcbcd02\WindowsBase.ni.dll
MOD - [2011.08.15 12:49:14 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\155679a9c8991cc33f90d6b27bac1977\System.Xml.ni.dll
MOD - [2011.08.15 12:49:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\0bddc91cbf37d143f08f6684b2919566\System.Configuration.ni.dll
MOD - [2011.08.15 12:49:04 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\610374fef100556da252243e673ac64b\System.ni.dll
MOD - [2011.06.21 16:07:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll
MOD - [2011.03.15 08:13:46 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.11.04 22:04:16 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2010.08.21 19:20:47 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.21 19:20:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.06.28 16:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.12.15 18:39:02 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NDISAPI.dll
MOD - [2009.12.15 18:39:02 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\atcomm.dll
MOD - [2009.12.15 18:39:02 | 000,536,576 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\Mobile Partner.exe
MOD - [2009.12.15 18:39:02 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DetectDev.dll
MOD - [2009.12.15 18:39:02 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\SMSPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NetInfoPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\FileManager.dll
MOD - [2009.12.15 18:39:02 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DialUpPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\CallPlugin.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\XCodec.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\DeviceOperate.dll
MOD - [2009.12.15 18:39:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\ConfigFilePlugin.dll
MOD - [2009.12.15 18:39:02 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\NotifyServicePlugin.dll
MOD - [2009.12.15 18:39:02 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner\isaputrace.dll
MOD - [2009.05.20 09:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.05.27 07:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.09 21:58:48 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV - [2011.08.30 19:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.08 11:53:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 01:10:03 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.13 14:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.28 16:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.22 09:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.13 19:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 07:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.18 07:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.08 11:53:58 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.08 11:53:58 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 09:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 09:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.09 06:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.07.01 19:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010.06.17 12:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.27 08:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.27 07:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.15 15:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010.05.11 13:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.04.20 05:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.13 13:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.15 11:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2010.03.15 11:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV:64bit: - [2010.03.15 11:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2010.03.15 11:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2010.03.15 11:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2010.03.15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV:64bit: - [2010.01.27 06:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.19 16:06:43 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.10.26 10:01:40 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.17 08:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 04:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Franzi\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.151\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: McAfee SiteAdvisor = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.11.118.1_0\
CHR - Extension: McAfee SiteAdvisor = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\
 
O1 HOSTS File: ([2010.11.22 19:32:32 | 000,000,765 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{551AE57A-BE3A-48C5-835C-5BFC0C2FFED3}: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.24 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Virus Problem
[2011.09.23 19:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.09.22 23:04:31 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2011.09.22 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.09.22 21:40:47 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2011.09.22 21:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.22 21:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.22 21:40:31 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.22 21:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.22 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2011.09.22 18:25:16 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Start Menu
[2011.09.06 07:54:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.09.05 23:28:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.09.05 23:28:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.09.05 18:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.09.05 18:04:10 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011.09.05 18:04:10 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011.09.05 18:04:10 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2011.09.05 18:04:10 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011.09.05 18:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2011.09.04 22:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2011.09.04 15:42:13 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Tansania September 11
[2011.08.29 15:47:06 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Abschiedsparty
[2011.08.29 11:56:41 | 001,207,808 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\PhoenixDll.dll
[2011.08.29 11:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery-Home
[2011.08.29 11:51:46 | 005,395,968 | ---- | C] (Stellar Information Systems Ltd                            ) -- C:\Users\Franzi\Desktop\StellarPhoenixWindowsDataRecovery-Home_PPCC.exe
[2010.12.29 15:59:39 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeAE20.dll
[2010.08.21 09:49:23 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe
[2 C:\Users\Franzi\Documents\*.tmp files -> C:\Users\Franzi\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.27 19:06:12 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.27 19:06:12 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.27 19:06:12 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.27 19:06:12 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.27 19:06:12 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.27 18:48:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.27 15:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.26 22:39:01 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.26 22:39:01 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.26 22:38:12 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.26 15:41:26 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.22 23:04:31 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2011.09.22 22:59:13 | 000,000,000 | ---- | M] () -- C:\Users\Franzi\defogger_reenable
[2011.09.22 22:31:26 | 433,513,479 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.09.22 21:40:36 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 20:44:19 | 000,000,824 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK
[2011.09.22 20:43:50 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED
[2011.09.22 18:23:10 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G
[2011.09.21 16:12:42 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.09.05 18:04:16 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.29 12:02:43 | 000,000,620 | ---- | M] () -- C:\Users\Franzi\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2011.08.29 11:51:46 | 005,395,968 | ---- | M] (Stellar Information Systems Ltd                            ) -- C:\Users\Franzi\Desktop\StellarPhoenixWindowsDataRecovery-Home_PPCC.exe
[2 C:\Users\Franzi\Documents\*.tmp files -> C:\Users\Franzi\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.22 22:59:13 | 000,000,000 | ---- | C] () -- C:\Users\Franzi\defogger_reenable
[2011.09.22 22:42:56 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.09.22 21:40:36 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.22 20:44:19 | 000,000,824 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK
[2011.09.22 20:43:50 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED
[2011.09.22 18:23:10 | 000,000,000 | -H-- | C] () -- C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G
[2011.09.05 18:04:16 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.08.29 11:56:42 | 000,000,620 | ---- | C] () -- C:\Users\Franzi\Desktop\Stellar Phoenix Windows Data Recovery-Home.lnk
[2011.08.29 11:56:41 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\StellarProfile.dll
[2011.08.29 11:56:41 | 000,000,020 | ---- | C] () -- C:\Windows\spwdrhag.INI
[2011.04.09 21:28:09 | 000,000,063 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.21 09:49:23 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.08.21 09:49:23 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010.08.21 09:49:23 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010.08.21 09:37:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.21 09:31:39 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.07.13 15:07:42 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.07.13 14:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.13 14:16:01 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2010.07.13 14:15:32 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2009.07.14 08:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 05:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 03:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 02:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.14 00:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.11 00:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.01 11:48:16 | 000,053,478 | ---- | C] () -- C:\Windows\mvtcpui.ini
 
========== LOP Check ==========
 
[2011.04.05 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\PhotoScape
[2010.12.29 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony
[2010.12.29 15:56:28 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony Setup
[2011.09.22 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2009.07.14 08:08:49 | 000,031,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.03 22:35:54 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Adobe
[2011.02.02 23:01:55 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Avira
[2011.01.09 15:53:03 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\CyberLink
[2010.11.05 18:10:46 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Google
[2010.11.05 18:04:32 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Identities
[2010.11.05 18:05:05 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Intel Corporation
[2010.11.05 18:04:59 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Macromedia
[2011.09.22 21:40:47 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2009.07.14 10:44:38 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Center Programs
[2011.08.28 16:33:58 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Player Classic
[2011.06.22 14:35:19 | 000,000,000 | --SD | M] -- C:\Users\Franzi\AppData\Roaming\Microsoft
[2011.04.05 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\PhotoScape
[2011.09.27 18:20:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Skype
[2010.12.29 15:55:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony
[2010.12.29 15:56:28 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Sony Setup
[2011.09.22 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2011.04.09 21:29:14 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2010.12.29 15:58:05 | 033,850,672 | ---- | M] (Apple Inc.) -- C:\Users\Franzi\AppData\Roaming\Sony Setup\9234765D-29DF-48d0-93FB-284B7B6009B9\QuickTimeInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 04:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 04:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 04:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 04:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.04.13 04:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2010.04.13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.04.13 19:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys
[2010.04.13 04:35:20 | 000,435,736 | ---- | M] (Intel Corporation) MD5=E11ED9B1EA60E747655E1090C7509D08 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 16:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 09:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 09:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 09:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 09:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 09:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 09:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 04:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 04:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 04:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 04:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 16:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 15:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 04:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 04:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 04:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 09:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 09:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 09:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 09:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 09:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 09:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 16:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 04:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 04:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 04:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 15:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 16:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 15:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 04:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 04:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 04:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 04:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 16:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 15:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 04:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 04:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 16:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 04:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 04:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 16:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 04:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 10:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 09:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 09:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 03:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 03:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.06.21 08:34:48 | 010,989,568 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

--- --- ---


Best regards, Franzi

cosinus 27.09.2011 19:38

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Search Protection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK =  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\Shell\AutoRun\command - "" = E:\Startme.exe
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell - "" = AutoRun
O33 - MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell - "" = AutoRun
O33 - MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011.09.06 07:54:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.09.22 20:44:19 | 000,000,824 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK
[2011.09.22 20:43:50 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED
[2011.09.22 18:23:10 | 000,000,000 | -H-- | M] () -- C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
:Files
C:\Program Files (x86)\facemoods.com
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Franzi-654 28.09.2011 16:54

Here you go:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Search Protection deleted successfully.
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe moved successfully.
C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a88c6c4-dd2f-11e0-8ff2-88ae1d7de336}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d382842-129f-11e0-928b-88ae1d7de336}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d382842-129f-11e0-928b-88ae1d7de336}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d382842-129f-11e0-928b-88ae1d7de336}\ not found.
File E:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26ad4091-d964-11e0-9948-88ae1d7de336}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26ad4091-d964-11e0-9948-88ae1d7de336}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26ad4091-d964-11e0-9948-88ae1d7de336}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d365a7ea-c722-11e0-97b6-46ac4c7167bc}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d365a87b-c722-11e0-97b6-46ac4c7167bc}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d365a881-c722-11e0-97b6-46ac4c7167bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d365a881-c722-11e0-97b6-46ac4c7167bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d365a881-c722-11e0-97b6-46ac4c7167bc}\ not found.
File E:\AutoRun.exe not found.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
File C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DF4000F4414E54DF4000F4.LNK not found.
C:\Users\Franzi\AppData\Roaming\JE6ADL6MrgED moved successfully.
C:\Users\Franzi\AppData\Roaming\r7t6Gdf6dj7G moved successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:E1F04E8D deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
========== FILES ==========
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8 folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods folder moved successfully.
C:\Program Files (x86)\facemoods.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Franzi
->Temp folder emptied: 271896088 bytes
->Temporary Internet Files folder emptied: 172092092 bytes
->Java cache emptied: 655480 bytes
->Google Chrome cache emptied: 35627218 bytes
->Flash cache emptied: 27731 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94648200 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 3954906705 bytes

Total Files Cleaned = 4.320,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 09282011_181212

Files\Folders moved on Reboot...
File\Folder C:\Users\Franzi\AppData\Local\Temp\OICE_FB213AC7-9550-4C3F-8654-D4C307D78C9B.0\1DA5FD1E. not found!
File\Folder C:\Users\Franzi\AppData\Local\Temp\OICE_F9921ED1-89FE-4560-8F0E-220E9E279824.0\C1F2CCB8. not found!
File\Folder C:\Users\Franzi\AppData\Local\Temp\OICE_D1B884DA-60E5-4E29-9090-E9522AA81416.0\BAAA65A. not found!
File\Folder C:\Users\Franzi\AppData\Local\Temp\OICE_786D5F7A-1819-438F-B0AB-E7E3ADC24A10.0\57761513. not found!
File\Folder C:\Users\Franzi\AppData\Local\Temp\OICE_3539AC22-7517-4CAC-8874-F0C68B1A50C6.0\50EA47DD. not found!
File\Folder C:\Users\Franzi\AppData\Local\Temp\OICE_2FCE4F6F-55BB-46B0-8A8B-33B00E1C62E3.0\668CED17. not found!
C:\Users\Franzi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Thank you :)

Regards, Franzi

cosinus 28.09.2011 19:29

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Franzi-654 29.09.2011 15:52

I've added the file as an attachment.

Regards, Franzi :rolleyes:

cosinus 29.09.2011 18:45

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Franzi-654 29.09.2011 19:37

Thanks :)

Combofix Logfile:
Code:

ComboFix 11-09-29.06 - Franzi 29.09.2011  21:18:07.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3959.2766 [GMT 3:00]
ausgeführt von:: c:\users\Franzi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
c:\programdata\FullRemove.exe
c:\programdata\hpeAE20.dll
c:\users\Franzi\Documents\~WRL1438.tmp
c:\users\Franzi\Documents\~WRL2191.tmp
G:\Autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-08-28 bis 2011-09-29  ))))))))))))))))))))))))))))))
.
.
2011-09-29 18:24 . 2011-09-29 18:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-09-28 15:12 . 2011-09-28 15:12        --------        d-----w-        C:\_OTL
2011-09-27 14:07 . 2011-09-21 06:00        9049936        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D483F914-CD32-4B03-B99B-D99E08776F6E}\mpengine.dll
2011-09-24 16:54 . 2011-05-24 16:14        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-09-23 16:46 . 2011-09-23 16:46        --------        d-----w-        c:\program files (x86)\ESET
2011-09-22 19:42 . 2011-09-22 19:42        --------        d-----w-        c:\program files (x86)\TeamViewer
2011-09-22 18:40 . 2011-09-22 18:40        --------        d-----w-        c:\users\Franzi\AppData\Roaming\Malwarebytes
2011-09-22 18:40 . 2011-09-22 18:40        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-22 18:40 . 2011-09-22 18:40        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-09-22 18:40 . 2011-08-31 14:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-22 18:09 . 2011-09-22 18:09        --------        d-----w-        c:\users\Franzi\AppData\Roaming\TeamViewer
2011-09-05 20:28 . 2011-09-05 20:28        --------        d-----w-        c:\windows\SysWow64\Wat
2011-09-05 20:28 . 2011-09-05 20:28        --------        d-----w-        c:\windows\system32\Wat
2011-09-05 15:04 . 2009-12-07 17:53        117504        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2011-09-05 15:04 . 2009-12-07 17:36        246224        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys
2011-09-05 15:04 . 2009-10-12 13:23        114304        ----a-w-        c:\windows\system32\drivers\ewusbdev.sys
2011-09-05 15:04 . 2007-08-09 02:10        29696        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys
2011-09-05 15:03 . 2011-09-05 15:04        --------        d-----w-        c:\program files (x86)\Mobile Partner
2011-09-04 19:40 . 2011-09-04 19:40        --------        d-----w-        c:\programdata\Sandlot Games
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-22 05:35 . 2011-08-10 21:40        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-10 21:40        1638912        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-10 21:41        362496        ----a-w-        c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-10 21:41        243200        ----a-w-        c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-10 21:41        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-10 21:41        214528        ----a-w-        c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-10 21:41        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-10 21:41        422400        ----a-w-        c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-10 21:41        338432        ----a-w-        c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-10 21:41        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-10 21:41        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-10 21:41        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-10 21:41        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-10 21:41        272384        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-10 21:41        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-10 21:41        7680        ----a-w-        c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-10 21:41        2048        ----a-w-        c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-10 21:41        6144        ---ha-w-        c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:41        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:41        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-10 21:41        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14 . 2011-08-24 13:00        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-07-09 04:30 . 2011-08-24 13:00        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-07-09 02:44 . 2011-08-10 21:41        287744        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-07-08 08:53 . 2011-02-02 17:00        123784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-07-08 08:53 . 2011-02-02 17:00        88288        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2009-12-08 774144]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-04 6174008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 135664]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 15:23]
.
2011-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05 15:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-YSearchProtection - c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
AddRemove-Stellar Phoenix Windows Data Recovery-Home_is1 - d:\stellar phoenix windows data recovery\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-29  21:31:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-29 18:31
.
Vor Suchlauf: 9 Verzeichnis(se), 195.940.184.064 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 196.363.870.208 Bytes frei
.
- - End Of File - - 540D29914DEEAA2F5FAD01FDEFED49A9

--- --- ---

Best regards, Franzi

cosinus 29.09.2011 19:43

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Franzi-654 29.09.2011 21:05

So, now the aswMBR log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-29 22:19:43
-----------------------------
22:19:43.509 OS Version: Windows x64 6.1.7600
22:19:43.509 Number of processors: 4 586 0x2505
22:19:43.509 ComputerName: FRANZI-PC UserName: Franzi
22:19:44.195 Initialize success
22:32:53.344 AVAST engine defs: 11092900
22:33:00.395 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:33:00.395 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
22:33:00.411 Disk 0 MBR read successfully
22:33:00.411 Disk 0 MBR scan
22:33:00.427 Disk 0 Windows 7 default MBR code
22:33:00.442 Service scanning
22:33:01.909 Modules scanning
22:33:01.909 Disk 0 trace - called modules:
22:33:01.924 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:33:01.940 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fda060]
22:33:01.940 3 CLASSPNP.SYS[fffff88001b6a43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fdc050]
22:33:03.765 AVAST engine scan C:\Windows
22:33:09.365 AVAST engine scan C:\Windows\system32
22:34:47.880 AVAST engine scan C:\Windows\system32\drivers
22:34:59.158 AVAST engine scan C:\Users\Franzi
22:50:21.728 AVAST engine scan C:\ProgramData
22:52:42.831 Scan finished successfully
22:54:31.968 Disk 0 MBR has been saved successfully to "C:\Users\Franzi\Desktop\MBR.dat"
22:54:31.984 The log file has been saved successfully to "C:\Users\Franzi\Desktop\aswMBR.txt"


Best regards, Franzi

cosinus 29.09.2011 21:58

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Franzi-654 02.10.2011 14:17

So, here are all the files:
SUPERAntiSpyware

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/01/2011 at 09:15 PM

Application Version : 5.0.1128

Core Rules Database Version : 7745
Trace Rules Database Version: 5557

Scan type : Complete Scan
Total Scan Time : 03:48:36

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Administrator

Memory items scanned : 643
Memory threats detected : 0
Registry items scanned : 72078
Registry threats detected : 0
File items scanned : 174914
File threats detected : 415

Adware.Tracking Cookie
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@YADRO[2].TXT [ /YADRO ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ZANOX[2].TXT [ /ZANOX ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.MINDSHARE[2].TXT [ /TRACKING.MINDSHARE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.ADC-SERV[2].TXT [ /AD.ADC-SERV ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.ETRACKER[2].TXT [ /WWW.ETRACKER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.YIELDMANAGER[5].TXT [ /AD.YIELDMANAGER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@USER.LUCIDMEDIA[1].TXT [ /USER.LUCIDMEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@VINVEST.122.2O7[1].TXT [ /VINVEST.122.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.BRANDWIRE[2].TXT [ /ADS.BRANDWIRE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@EUROS4CLICK[1].TXT [ /EUROS4CLICK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.ADSERVER01[2].TXT [ /AD.ADSERVER01 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFORM[1].TXT [ /ADFORM ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AMSTATS.AWAYMESSAGE[1].TXT [ /AMSTATS.AWAYMESSAGE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@DOUBLECLICK[1].TXT [ /DOUBLECLICK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSERVER.PLUS[1].TXT [ /ADSERVER.PLUS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ACCOUNT.BETFAIR[2].TXT [ /ACCOUNT.BETFAIR ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@MEDIA.ANTENNE-BAYERN[2].TXT [ /MEDIA.ANTENNE-BAYERN ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.ZANOX[4].TXT [ /AD.ZANOX ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.GOOGLEADSERVICES[5].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACK.EFFILIATION[3].TXT [ /TRACK.EFFILIATION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@RU4[2].TXT [ /RU4 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@UNITYMEDIA[2].TXT [ /UNITYMEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@CREATIVDISCOUNT[2].TXT [ /CREATIVDISCOUNT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.ZANOX[1].TXT [ /AD.ZANOX ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.PUBMATIC[1].TXT [ /ADS.PUBMATIC ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WEBORAMA[1].TXT [ /WEBORAMA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@REVSCI[1].TXT [ /REVSCI ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.LANDWIRT[2].TXT [ /ADS.LANDWIRT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@IMRWORLDWIDE[3].TXT [ /IMRWORLDWIDE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.DOTHADS[1].TXT [ /ADS.DOTHADS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@POOBIESEUROPEBV.SOLUTION.WEBORAMA[2].TXT [ /POOBIESEUROPEBV.SOLUTION.WEBORAMA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD2.ADFARM1.ADITION[4].TXT [ /AD2.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD4.ADFARM1.ADITION[3].TXT [ /AD4.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@GUJ.122.2O7[1].TXT [ /GUJ.122.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@LUCIDMEDIA[1].TXT [ /LUCIDMEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.USENEXT[2].TXT [ /WWW.USENEXT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@CONTENT.YIELDMANAGER[1].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD1.CHEFKOCH[1].TXT [ /AD1.CHEFKOCH ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.ADNET[2].TXT [ /AD.ADNET ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.NCTRACKING[1].TXT [ /WWW.NCTRACKING ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@DOUBLECLICK[3].TXT [ /DOUBLECLICK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFARM1.ADITION[3].TXT [ /ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.GOOGLEADSERVICES[11].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD1.ADFARM.ADTELLIGENCE[2].TXT [ /AD1.ADFARM.ADTELLIGENCE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@VODAFONEGROUP.122.2O7[1].TXT [ /VODAFONEGROUP.122.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.BURSTNET[1].TXT [ /WWW.BURSTNET ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ZANOX-AFFILIATE[2].TXT [ /ZANOX-AFFILIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@SNAPFISH.112.2O7[1].TXT [ /SNAPFISH.112.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.USENEXT[1].TXT [ /WWW.USENEXT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@APMEBF[4].TXT [ /APMEBF ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRADEDOUBLER[4].TXT [ /TRADEDOUBLER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AZJMP[2].TXT [ /AZJMP ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.GAMEFORGE[1].TXT [ /TRACKING.GAMEFORGE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFORM[2].TXT [ /ADFORM ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD3.ADFARM1.ADITION[3].TXT [ /AD3.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADINTERAX[2].TXT [ /ADINTERAX ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.HANNOVERSCHE[2].TXT [ /TRACKING.HANNOVERSCHE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.ZANOX-AFFILIATE[2].TXT [ /WWW.ZANOX-AFFILIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.GOOGLEADSERVICES[6].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@STATS.O2MORE[2].TXT [ /STATS.O2MORE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRADEDOUBLER[1].TXT [ /TRADEDOUBLER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.YIELDMANAGER[1].TXT [ /AD.YIELDMANAGER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@VDWP.SOLUTION.WEBORAMA[2].TXT [ /VDWP.SOLUTION.WEBORAMA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@CONTENT.YIELDMANAGER[4].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSERVER2.CLIPKIT[1].TXT [ /ADSERVER2.CLIPKIT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@MEDIABRANDSWW[2].TXT [ /MEDIABRANDSWW ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@STUDIVZ.ADFARM1.ADITION[1].TXT [ /STUDIVZ.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@APMEBF[2].TXT [ /APMEBF ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.360YIELD[2].TXT [ /AD.360YIELD ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@BIZRATE[1].TXT [ /BIZRATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.PUBMATIC[2].TXT [ /ADS.PUBMATIC ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@LIVEPERSON[1].TXT [ /LIVEPERSON ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD-BECK.HOSTING2BUSINESS[1].TXT [ /AD-BECK.HOSTING2BUSINESS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@KOMTRACK[3].TXT [ /KOMTRACK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFARM1.ADITION[5].TXT [ /ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@2O7[1].TXT [ /2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADTECH[2].TXT [ /ADTECH ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD1.ADFARM1.ADITION[1].TXT [ /AD1.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.QUARTERMEDIA[2].TXT [ /ADS.QUARTERMEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACK.ADFORM[4].TXT [ /TRACK.ADFORM ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ZEDO[2].TXT [ /ZEDO ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.TRAFFICTRACK[1].TXT [ /WWW.TRAFFICTRACK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@MEDIABRANDSWW[3].TXT [ /MEDIABRANDSWW ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.DOODLE[2].TXT [ /ADS.DOODLE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.3GNET[1].TXT [ /TRACKING.3GNET ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@CONTENT.YIELDMANAGER[5].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.AD4GAME[2].TXT [ /ADS.AD4GAME ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@APMEBF[1].TXT [ /APMEBF ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.JINKADS[3].TXT [ /ADS.JINKADS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@FASTCLICK[1].TXT [ /FASTCLICK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ZEDO[3].TXT [ /ZEDO ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSERVER.CLIPSCALE[1].TXT [ /ADSERVER.CLIPSCALE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@IM.BANNER.T-ONLINE[2].TXT [ /IM.BANNER.T-ONLINE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.ADK2[3].TXT [ /ADS.ADK2 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.ADITION[2].TXT [ /AD.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@LIVEPERSON[3].TXT [ /LIVEPERSON ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@LFSTMEDIA[2].TXT [ /LFSTMEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFARM1.ADITION[7].TXT [ /ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFARM1.ADITION[4].TXT [ /ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@KOMTRACK[5].TXT [ /KOMTRACK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@KOMTRACK[2].TXT [ /KOMTRACK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.MEDIAMARKT[1].TXT [ /WWW.MEDIAMARKT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@STATS.O2MORE[1].TXT [ /STATS.O2MORE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.AD-SRV[1].TXT [ /AD.AD-SRV ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD.ZANOX[2].TXT [ /AD.ZANOX ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD2.NMM[1].TXT [ /AD2.NMM ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD3.ADFARM1.ADITION[4].TXT [ /AD3.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AD4.ADFARM1.ADITION[2].TXT [ /AD4.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADCENTRICONLINE[1].TXT [ /ADCENTRICONLINE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADECN[2].TXT [ /ADECN ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.ADK2[2].TXT [ /ADS.ADK2 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.BRANDWIRE[1].TXT [ /ADS.BRANDWIRE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.CREAFI[1].TXT [ /ADS.CREAFI ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.CRITIC[2].TXT [ /ADS.CRITIC ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.DIGINIGHTS[1].TXT [ /ADS.DIGINIGHTS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSERVER.ADREACTOR[1].TXT [ /ADSERVER.ADREACTOR ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSERVER.TRAFFICTRACK[2].TXT [ /ADSERVER.TRAFFICTRACK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSERVER2.CLIPKIT[3].TXT [ /ADSERVER2.CLIPKIT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSRV.ADMEDIATE[2].TXT [ /ADSRV.ADMEDIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADSRV1.ADMEDIATE[1].TXT [ /ADSRV1.ADMEDIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADVIVA[1].TXT [ /ADVIVA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ADXPOSE[1].TXT [ /ADXPOSE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@APMEBF[5].TXT [ /APMEBF ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ATDMT[1].TXT [ /ATDMT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ATDMT[2].TXT [ /ATDMT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@AUTOSCOUT24.112.2O7[1].TXT [ /AUTOSCOUT24.112.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@BLAU.122.2O7[2].TXT [ /BLAU.122.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@BS.SERVING-SYS[1].TXT [ /BS.SERVING-SYS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@COUNT.ASNETWORKS[1].TXT [ /COUNT.ASNETWORKS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@DATA.COREMETRICS[1].TXT [ /DATA.COREMETRICS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@EAS.APM.EMEDIATE[1].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@EAS.APM.EMEDIATE[3].TXT [ /EAS.APM.EMEDIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@EAS4.EMEDIATE[1].TXT [ /EAS4.EMEDIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@EYEWONDER[2].TXT [ /EYEWONDER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@FASTCLICK[2].TXT [ /FASTCLICK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@HIMEDIA.INDIVIDUAD[1].TXT [ /HIMEDIA.INDIVIDUAD ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@KABELBW.112.2O7[1].TXT [ /KABELBW.112.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@KOMTRACK[1].TXT [ /KOMTRACK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@KULTURFINDER-BW[2].TXT [ /KULTURFINDER-BW ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@LEGOLAS-MEDIA[1].TXT [ /LEGOLAS-MEDIA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@LIBRI.112.2O7[1].TXT [ /LIBRI.112.2O7 ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@PARTYPOKER[1].TXT [ /PARTYPOKER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@PROFILBANNER[2].TXT [ /PROFILBANNER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ROTATOR.ADJUGGLER[2].TXT [ /ROTATOR.ADJUGGLER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@SERVING-SYS[1].TXT [ /SERVING-SYS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@STATCOUNTER[1].TXT [ /STATCOUNTER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@STUDIVZ.ADFARM1.ADITION[2].TXT [ /STUDIVZ.ADFARM1.ADITION ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACK.ADFORM[1].TXT [ /TRACK.ADFORM ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACK.WEBTREKK[4].TXT [ /TRACK.WEBTREKK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.9FLATS[2].TXT [ /TRACKING.9FLATS ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.KLICKTEL[1].TXT [ /TRACKING.KLICKTEL ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.MINDSHARE[1].TXT [ /TRACKING.MINDSHARE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.QUISMA[2].TXT [ /TRACKING.QUISMA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRACKING.QUISMA[4].TXT [ /TRACKING.QUISMA ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@USENEXT[1].TXT [ /USENEXT ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.1FREECOUNTER[1].TXT [ /WWW.1FREECOUNTER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.ACTIVE-TRACKING[1].TXT [ /WWW.ACTIVE-TRACKING ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.ETRACKER[1].TXT [ /WWW.ETRACKER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.GOOGLEADSERVICES[4].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@WWW.GOOGLEADSERVICES[9].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@XITI[1].TXT [ /XITI ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
C:\USERS\FRANZI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\FRANZI@ZANOX[1].TXT [ /ZANOX ]

Malware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7840

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.10.2011 23:22:26
mbam-log-2011-10-01 (23-22-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 365785
Laufzeit: 2 Stunde(n), 46 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Franzi\start menu\Programs\Startup\wuT2.exe (Trojan.Dropper) -> No action taken.


and ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=02016d6e571cab4a9ff0113f04d5ea21
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-23 06:37:02
# local_time=2011-09-23 09:37:02 (+0300, Ostafrikanische Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 971378 53330100 1035420 0
# compatibility_mode=5121 16777213 100 75 26535818 30313211 0 0
# compatibility_mode=5893 16776574 66 85 34388956 68426729 0 0
# compatibility_mode=8192 67108863 100 0 464 464 0 0
# scanned=219635
# found=21
# cleaned=0
# scan_time=6143
C:\Users\Franzi\AppData\Local\Temp\hnimjkkubi Win32/Agent.TBW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Franzi\Desktop\Tansania September 11\18-19 September.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\17.09.11.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\18-19 September.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Action.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Asterix.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Bedtime Stories.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Comedy.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Die Madagascar Pinguine in vorweihnatlicher Mission.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Dr. House.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Horror.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\How I met your mother.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\New Moon.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\ohr.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Simpsons.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Sissi.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\The Dark Knight (2008).lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Vorstadtkrokodile.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Zoey 101.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I

Thanks :)
Best regards, Franzi

cosinus 04.10.2011 14:30

Quote:

-> No action taken.
The detections must be removed with Malwarebytes! Please do that now if you haven't already!
The ESET detections can be removed as well; those are the "fake folders" you were supposed to click on while the real folders were hidden. They are all visible again, aren't they?
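
An added example, not part of the thread: a Python sketch that parses detection lines in the format of the ESET Online Scanner log quoted above and separates `.lnk` files sitting directly in a drive root (the fake folders described in this reply) from findings that need a separate look. The sample log is constructed, and the function and field names are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the layout of the ESET Online Scanner log in this thread.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
# scanned=1000
# found=5
# cleaned=0
C:\Users\Example\AppData\Local\Temp\sample Win32/Agent.TBW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Example\Desktop\Trip\Day 1.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Holiday Photos.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\Film (2008).lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
G:\System Volume Information.lnk Win32/Dorkbot.D worm (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Paths may contain spaces and parentheses, so the match is anchored on the
# threat name (the first token containing "/") and the 32-hex-digit field.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>\S+/\S+)\s+"
    r"(?P<kind>[^()]+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: str


def parse_eset_log(text):
    """Return (header dict, list of Detection) from an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]  # repeated keys: last one wins
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(
                Detection(m["path"], m["threat"], m["kind"], m["action"])
            )
    return header, detections


def triage(header, detections):
    """Split findings into drive-root shortcuts and everything else."""
    root_shortcuts = defaultdict(list)  # drive -> folder names being imitated
    needs_review = []
    for det in detections:
        p = PureWindowsPath(det.path)
        at_root = p.parent == PureWindowsPath(p.anchor)
        if p.suffix.lower() == ".lnk" and at_root:
            root_shortcuts[p.drive.upper()].append(p.stem)
        else:
            needs_review.append(det)
    found = int(header.get("found", -1))
    cleaned = int(header.get("cleaned", 0))
    return {
        "root_shortcuts": dict(root_shortcuts),
        "needs_review": needs_review,
        "count_matches_header": found == len(detections),
        "still_present": len(detections) - cleaned,
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    report = triage(hdr, dets)
    for drive, names in report["root_shortcuts"].items():
        print(f"{drive} shortcuts named after folders: {names}")
    for det in report["needs_review"]:
        print(f"review separately: {det.path} ({det.threat})")
    print("count matches header:", report["count_matches_header"])
```

The names reported per drive are the folders to look for once hidden items are shown again; anything under `needs_review` is not a drive-root shortcut and is handled on its own.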

Franzi-654 05.10.2011 14:34

The malware detections are gone.

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7840

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.10.2011 15:40:13
mbam-log-2011-10-05 (15-40-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 366844
Laufzeit: 1 Stunde(n), 22 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

However, I had a problem deleting the infected threats in ESET. Can I simply delete the shortcuts on my external hard drive, or do I need a special (ESET) program that deletes the folders for me?

Best regards, Franzi

cosinus 05.10.2011 16:21

Shortcuts are just ordinary files that you can delete as usual. You don't need a special tool for everything.

Franzi-654 05.10.2011 18:39

Sounds great :) So my malicious trojan has been completely removed?
Thank you very, very much for that!
If I have another problem, I'll get in touch.

Best regards from Tanzania

Franzi

cosinus 05.10.2011 20:52

Is the computer otherwise back in order?
After all, only leftovers were found: the junk shortcuts mentioned above and a lot of cookies (harmless).


All times are WET +1.
