Trojaner-Board - RegClean Pro - Rogue Verdacht nach Öffnen eines Fake-Facebookvideos

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - RegClean Pro - Rogue Verdacht nach Öffnen eines Fake-Facebookvideos (https://www.trojaner-board.de/107510-regclean-pro-rogue-verdacht-offnen-fake-facebookvideos.html)

RegClean Pro - Rogue Verdacht nach Öffnen eines Fake-Facebookvideos

Hallo!
Ich habe seit heute ein Problem mit meinem Laptop. Es ist ein Asus Eee Pc mit Windows 7.
Ich arbeitete heute offline mit OpenOffice, als plötzlich ein Pop-Up Fenster auftauchte mit dem Hinweis, meine Registry würde über 300 Fehler aufweisen, welche ich mit dem Programm (RegClean Pro) beseitigen könnte. Allerdings müsste ich das Programm kaufen. Nur 50 % würde kostenlos "entfernt". Erstmal habe ich das Programm nicht selbst installiert und zweitens ist meine Registry laut CCleaner sauber. Ich habe nicht auf den Download Button des Programms geklickt, sondern das Pop-up Fenster so geschlossen. Es ist seitdem trotzdem ein RegClean-Icon auf meinem Desktop zu finden.
Im Laufe des Tages erschien das Pop-up wieder. Ich war auch immer noch offline. Heute Abend wollte ich das Programm per CCleaner deinstallieren, was allerdings nicht funktionierte. Das Pop-up erschien wieder und ließ sich nur per Taskmanager schließen. Ich habe zur Kontrolle Malwarebytes durchlaufen lassen, hat allerdings nichts gefunden. Hier das Log:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.03.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: MPGF1 [Administrator]

03.01.2012 19:33:54
mbam-log-2012-01-03 (19-33-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 270269
Laufzeit: 1 Stunde(n), 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ich glaube der Fehler tritt erst auf, seitdem ich bei Facebook auf ein Fake-Video geklickt habe, irgendwas mit einem Riesenpickel.
Ich hoffe, ihr könnt mir helfen!

MfG

Spachtel

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

hallo!
vielen dank für deine antwort. mein bruder hatte mir mbam empfohlen und ich habe es erst installiert nachdem die oben beschriebenen fehler aufgetreten sind. die logdatei stammt daher vom ersten scan mit mbam. mehr habe ich auch noch nicht gemacht.

lg!

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

bin gerade über einen anderen laptop online. führe das programm aus, sobald ich wieder zu hause bin!

vielen, vielen dank schonmal bis hierhin!

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

Hey sorry das ich so lange mit meiner Antwort gebraucht habe. War die letzten Tage viel unterwegs, sodass ich nicht die Möglichkeit hatte mich darum zu kümmern. Oben habe ich den ESET-log eingefügt. Ich bedanke mich schonmal sehr für deine Hilfe.

Das hast du überlesen bei ESET => Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Code:

 ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=330b6cb0328c7745ad846e736449a478

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-15 09:52:29

# local_time=2012-01-15 10:52:29 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=512 16777215 100 0 37996275 37996275 0 0

# compatibility_mode=1797 16775165 100 94 3867 63188964 0 0

# compatibility_mode=5893 16776574 66 85 20304213 78283334 0 0

# compatibility_mode=8192 67108863 100 0 857690 857690 0 0

# scanned=65989

# found=0

# cleaned=0

# scan_time=12236

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=330b6cb0328c7745ad846e736449a478

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-18 09:56:24

# local_time=2012-01-18 10:56:24 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=512 16777215 100 0 38257058 38257058 0 0

# compatibility_mode=1797 16775165 100 94 3918 63449747 0 0

# compatibility_mode=5893 16776574 66 85 20564996 78544117 0 0

# compatibility_mode=8192 67108863 100 0 1118473 1118473 0 0

# scanned=114019

# found=0

# cleaned=0

# scan_time=10879

Hey ich hoffe, dass ich dieses Mal alles richtig gemacht habe. Oben habe ich den Eset-log eingefügt. Vielen Dank schonmal für die ganze Hilfe.
lg der spachtel

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo!

sorry, dass ich mich so spät erst wieder melde. hatte die letzten wochen viel zu tun und war ständig unterwegs. war aber dafür auch meistens offline an meinem rechner. hier nun das OTL-Log. hoffe, alles ist richtig so :)

OTL Logfile:

Code:

OTL logfile created on: 07.02.2012 23:16:27 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Flo\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,18 Mb Total Physical Memory | 392,57 Mb Available Physical Memory | 38,71% Memory free

1,99 Gb Paging File | 1,20 Gb Available in Paging File | 60,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 100,00 Gb Total Space | 76,39 Gb Free Space | 76,39% Space Free | Partition Type: NTFS

Drive D: | 117,87 Gb Total Space | 117,66 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

 

Computer Name: MPGF1 | User Name: Flo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.07 23:13:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

PRC - [2012.01.12 17:22:41 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe

PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.07.13 08:38:14 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

PRC - [2011.06.29 13:13:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010.09.08 02:45:52 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe

PRC - [2010.09.03 19:02:08 | 001,245,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe

PRC - [2010.09.02 22:01:42 | 000,095,744 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe

PRC - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

PRC - [2010.06.09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe

PRC - [2010.06.07 05:36:18 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe

PRC - [2010.05.29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe

PRC - [2010.03.19 11:30:34 | 000,116,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe

PRC - [2010.03.19 07:56:12 | 000,146,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

PRC - [2010.03.19 07:55:52 | 000,167,408 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

PRC - [2010.03.19 07:55:04 | 000,628,848 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

PRC - [2009.11.19 14:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

PRC - [2009.08.12 11:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.01.17 15:19:06 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.06.29 13:13:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.09.08 02:45:52 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)

SRV - [2010.03.19 07:56:12 | 000,146,808 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.06.29 13:13:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.29 13:13:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.02.09 14:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.05.10 10:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.07.20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()

O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe (Trend Micro Inc.)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2820FA97-9143-4A1E-AE27-CE22DBDA9994}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{E21663EC-B5F9-4842-8303-EE4FDADFEF6D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2030.01.01 15:10:43 | 000,000,000 | -HSD | C] -- C:\Boot

[2012.02.07 23:13:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

[2012.02.06 08:24:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.02.05 19:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2012.01.27 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\SoftGrid Client

[2012.01.27 16:51:01 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2012.01.27 16:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)

[2012.01.27 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2012.01.27 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client

[2012.01.27 16:47:34 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\TP

[2012.01.13 00:50:34 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\geil

[2010.07.06 03:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.07 23:15:33 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.07 23:15:33 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.07 23:13:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

[2012.02.07 23:09:29 | 000,001,414 | ---- | M] () -- C:\Users\Flo\Desktop\Registry kostenlos entrümpeln!.lnk

[2012.02.07 23:06:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.02.07 23:06:47 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys

[2012.02.06 08:27:24 | 000,020,461 | ---- | M] () -- C:\Users\Flo\Documents\Rhytmik 1.odt

[2012.02.06 08:24:47 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012.02.06 08:24:47 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012.02.06 08:24:47 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012.02.06 08:24:47 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012.02.05 18:01:53 | 000,020,638 | ---- | M] () -- C:\Users\Flo\Documents\Rhytmik.odt

[2012.01.19 16:51:15 | 000,019,302 | ---- | M] () -- C:\Users\Flo\Documents\code.odt

[2012.01.16 17:45:07 | 000,622,072 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 4.odt

[2012.01.16 13:51:48 | 000,622,074 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 3.odt

[2012.01.16 13:22:38 | 000,622,065 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 2.odt

[2012.01.12 22:08:13 | 000,008,898 | ---- | M] () -- C:\Users\Flo\Documents\trojaner.odt

[2012.01.12 21:50:31 | 000,622,093 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig.odt

[2012.01.12 21:28:57 | 000,622,093 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe 11.odt

[2012.01.11 18:31:51 | 000,000,268 | ---- | M] () -- C:\windows\tasks\RegClean Pro_UPDATES.job

[2012.01.11 00:03:26 | 000,620,159 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe 10.odt

[2012.01.11 00:02:45 | 000,620,150 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe 9.odt

[2012.01.09 13:27:34 | 000,619,676 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe 7.odt

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2030.01.01 15:10:43 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2012.02.06 08:27:21 | 000,020,461 | ---- | C] () -- C:\Users\Flo\Documents\Rhytmik 1.odt

[2012.02.05 17:58:29 | 000,020,638 | ---- | C] () -- C:\Users\Flo\Documents\Rhytmik.odt

[2012.01.16 17:45:00 | 000,622,072 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 4.odt

[2012.01.16 13:37:28 | 000,622,074 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 3.odt

[2012.01.12 22:45:03 | 000,622,065 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 2.odt

[2012.01.12 22:08:10 | 000,008,898 | ---- | C] () -- C:\Users\Flo\Documents\trojaner.odt

[2012.01.12 21:50:26 | 000,622,093 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig.odt

[2012.01.11 19:44:40 | 000,019,302 | ---- | C] () -- C:\Users\Flo\Documents\code.odt

[2012.01.11 18:16:35 | 000,622,093 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe 11.odt

[2012.01.11 00:03:21 | 000,620,159 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe 10.odt

[2012.01.10 22:29:21 | 000,620,150 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe 9.odt

[2011.05.16 14:20:28 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

[2011.05.13 16:41:15 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini

[2011.05.13 16:36:05 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

[2011.05.13 16:36:05 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat

[2010.11.02 01:11:35 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe

[2010.11.02 01:11:35 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini

[2010.11.02 01:09:45 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010.11.02 01:07:49 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys

[2010.11.02 01:04:59 | 000,000,530 | ---- | C] () -- C:\windows\Reboot.ini

[2010.11.02 00:59:44 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe

[2010.11.02 00:59:13 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat

[2009.07.26 02:28:45 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009.07.26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009.07.26 02:28:45 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009.07.26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009.07.14 05:33:53 | 000,284,200 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

 
 ========== LOP Check ==========

 

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ASUS WebStorage

[2011.05.13 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\E-Cam

[2012.02.07 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ICQ

[2011.09.21 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenOffice.org

[2012.02.05 20:24:27 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2011.09.21 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Systweak

[2012.01.27 16:51:26 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TP

[2011.12.09 15:01:44 | 000,000,260 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_DEFAULT.job

[2012.01.11 18:31:51 | 000,000,268 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_UPDATES.job

[2009.07.14 05:53:46 | 000,029,594 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.05.13 16:41:22 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Adobe

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ASUS WebStorage

[2011.06.29 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Avira

[2011.05.13 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\E-Cam

[2012.02.07 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ICQ

[2009.07.14 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Identities

[2010.11.02 00:56:59 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\InstallShield

[2010.11.02 01:07:34 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Macromedia

[2012.01.03 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Malwarebytes

[2012.01.27 16:52:31 | 000,000,000 | --SD | M] -- C:\Users\Flo\AppData\Roaming\Microsoft

[2010.11.02 01:45:35 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Mozilla

[2011.09.21 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenOffice.org

[2012.02.05 20:24:27 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2011.09.21 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Systweak

[2012.01.27 16:51:26 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TP

 
 < %APPDATA%\*.exe /s >

[2011.05.23 12:41:01 | 003,119,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Flo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

übrigens ging kurz bevor ich otl geladen hatte wieder ein scan mit regclean los, welcher sich nicht unterbrechen oder stoppen ließ. dem scan zufolge hatte ich 219 fehler in der registry und mir wurde wieder empfohlen dasprogramm zu kaufen. erst dann konnte ich das fenster und programm per rechtsklick-schließen beenden!
kein plan, was da los ist :/

vielen dank und sorry für die späte rückmeldung. jetzt habe ich wieder mehr zeit :blabla: :daumenhoc

lg spachtel

Ich hab beim OTL-Baustein etwas in der zwishenzeit verändern müssen. Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo da bin ich wieder:) Danke schonmal für die ganze Hilfe:)
Hier die neue Log-Datei...

OTL Logfile:

Code:

OTL logfile created on: 12.02.2012 18:31:52 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Flo\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,18 Mb Total Physical Memory | 347,03 Mb Available Physical Memory | 34,22% Memory free

1,99 Gb Paging File | 1,18 Gb Available in Paging File | 59,23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 100,00 Gb Total Space | 76,60 Gb Free Space | 76,60% Space Free | Partition Type: NTFS

Drive D: | 117,87 Gb Total Space | 117,66 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

 

Computer Name: MPGF1 | User Name: Flo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.07 23:13:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

PRC - [2012.01.12 17:22:41 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.07.13 08:38:14 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

PRC - [2011.06.29 13:13:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010.09.08 02:45:52 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe

PRC - [2010.09.03 19:02:08 | 001,245,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe

PRC - [2010.09.02 22:01:42 | 000,095,744 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe

PRC - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

PRC - [2010.06.09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe

PRC - [2010.06.07 05:36:18 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe

PRC - [2010.05.29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe

PRC - [2010.03.19 11:30:34 | 000,116,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe

PRC - [2010.03.19 07:56:12 | 000,146,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

PRC - [2010.03.19 07:55:52 | 000,167,408 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

PRC - [2010.03.19 07:55:04 | 000,628,848 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

PRC - [2009.11.19 14:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

PRC - [2009.08.12 11:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.01.17 15:19:06 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010.11.19 17:45:42 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll

MOD - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.06.29 13:13:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.09.08 02:45:52 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)

SRV - [2010.03.19 07:56:12 | 000,146,808 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.06.29 13:13:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.29 13:13:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.02.09 14:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.05.10 10:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.07.20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage

IE - HKCU\..\URLSearchHook:  - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()

O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe (Trend Micro Inc.)

O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2820FA97-9143-4A1E-AE27-CE22DBDA9994}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{E21663EC-B5F9-4842-8303-EE4FDADFEF6D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2030.01.01 15:10:43 | 000,000,000 | -HSD | C] -- C:\Boot

[2012.02.07 23:13:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

[2012.02.06 08:24:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.02.05 19:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2012.01.27 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\SoftGrid Client

[2012.01.27 16:51:01 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2012.01.27 16:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)

[2012.01.27 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2012.01.27 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client

[2012.01.27 16:47:34 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\TP

[2010.07.06 03:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.12 18:24:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.12 18:24:07 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.12 18:23:48 | 000,000,088 | -H-- | M] () -- C:\Users\Flo\Documents\.~lock.Beobachtungsaufgabe 2.odt#

[2012.02.12 18:13:09 | 000,001,414 | ---- | M] () -- C:\Users\Flo\Desktop\Registry kostenlos entrümpeln!.lnk

[2012.02.12 18:11:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.02.12 18:11:12 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys

[2012.02.07 23:13:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

[2012.02.06 08:27:24 | 000,020,461 | ---- | M] () -- C:\Users\Flo\Documents\Rhytmik 1.odt

[2012.02.06 08:24:47 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012.02.06 08:24:47 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012.02.06 08:24:47 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012.02.06 08:24:47 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012.02.05 18:01:53 | 000,020,638 | ---- | M] () -- C:\Users\Flo\Documents\Rhytmik.odt

[2012.01.19 16:51:15 | 000,019,302 | ---- | M] () -- C:\Users\Flo\Documents\code.odt

[2012.01.16 17:45:07 | 000,622,072 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 4.odt

[2012.01.16 13:51:48 | 000,622,074 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 3.odt

[2012.01.16 13:22:38 | 000,622,065 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 2.odt

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2030.01.01 15:10:43 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2012.02.12 18:23:48 | 000,000,088 | -H-- | C] () -- C:\Users\Flo\Documents\.~lock.Beobachtungsaufgabe 2.odt#

[2012.02.06 08:27:21 | 000,020,461 | ---- | C] () -- C:\Users\Flo\Documents\Rhytmik 1.odt

[2012.02.05 17:58:29 | 000,020,638 | ---- | C] () -- C:\Users\Flo\Documents\Rhytmik.odt

[2012.01.16 17:45:00 | 000,622,072 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 4.odt

[2012.01.16 13:37:28 | 000,622,074 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 3.odt

[2011.05.16 14:20:28 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

[2011.05.13 16:41:15 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini

[2011.05.13 16:36:05 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

[2011.05.13 16:36:05 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat

[2010.11.02 01:11:35 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe

[2010.11.02 01:11:35 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini

[2010.11.02 01:09:45 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010.11.02 01:07:49 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys

[2010.11.02 01:04:59 | 000,000,530 | ---- | C] () -- C:\windows\Reboot.ini

[2010.11.02 00:59:44 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe

[2010.11.02 00:59:13 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat

[2009.07.26 02:28:45 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009.07.26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009.07.26 02:28:45 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009.07.26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009.07.14 05:33:53 | 000,284,200 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

 
 ========== LOP Check ==========

 

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ASUS WebStorage

[2011.05.13 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\E-Cam

[2012.02.07 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ICQ

[2011.09.21 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenOffice.org

[2012.02.10 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2011.09.21 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Systweak

[2012.01.27 16:51:26 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TP

[2011.12.09 15:01:44 | 000,000,260 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_DEFAULT.job

[2012.01.11 18:31:51 | 000,000,268 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_UPDATES.job

[2009.07.14 05:53:46 | 000,030,098 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.05.13 16:41:22 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Adobe

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ASUS WebStorage

[2011.06.29 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Avira

[2011.05.13 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\E-Cam

[2012.02.07 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ICQ

[2009.07.14 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Identities

[2010.11.02 00:56:59 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\InstallShield

[2010.11.02 01:07:34 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Macromedia

[2012.01.03 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Malwarebytes

[2012.01.27 16:52:31 | 000,000,000 | --SD | M] -- C:\Users\Flo\AppData\Roaming\Microsoft

[2010.11.02 01:45:35 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Mozilla

[2011.09.21 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenOffice.org

[2012.02.10 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2011.09.21 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Systweak

[2012.01.27 16:51:26 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TP

 
 < %APPDATA%\*.exe /s >

[2011.05.23 12:41:01 | 003,119,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Flo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Zitat:

Scan Mode: Current user

Du solltest doch den Haken setzen bei Scanne alle Benutzer!

Ich hoffe, dass ich dieses Mal keinen Fehler gemacht habe;)

OTL Logfile:

Code:

OTL logfile created on: 14.02.2012 19:53:17 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Flo\Desktop

 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014,18 Mb Total Physical Memory | 407,98 Mb Available Physical Memory | 40,23% Memory free

1,99 Gb Paging File | 1,15 Gb Available in Paging File | 57,95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 100,00 Gb Total Space | 76,08 Gb Free Space | 76,08% Space Free | Partition Type: NTFS

Drive D: | 117,87 Gb Total Space | 117,66 Gb Free Space | 99,82% Space Free | Partition Type: NTFS

 

Computer Name: MPGF1 | User Name: Flo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.07 23:13:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.07.13 08:38:14 | 001,095,080 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

PRC - [2011.06.29 13:13:07 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2010.09.08 02:45:52 | 000,224,680 | ---- | M] () -- C:\Windows\System32\AsusService.exe

PRC - [2010.09.03 19:02:08 | 001,245,104 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe

PRC - [2010.09.02 22:01:42 | 000,095,744 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe

PRC - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

PRC - [2010.06.09 22:26:34 | 000,412,600 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe

PRC - [2010.06.07 05:36:18 | 000,689,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe

PRC - [2010.05.29 00:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe

PRC - [2010.03.19 11:30:34 | 000,116,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe

PRC - [2010.03.19 07:56:12 | 000,146,808 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

PRC - [2010.03.19 07:55:52 | 000,167,408 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

PRC - [2010.03.19 07:55:04 | 000,628,848 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

PRC - [2009.11.19 14:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

PRC - [2009.08.12 11:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe

PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.01.17 15:19:06 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll

MOD - [2010.11.19 17:45:42 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll

MOD - [2010.06.10 21:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.06.29 13:13:07 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.09.08 02:45:52 | 000,224,680 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)

SRV - [2010.03.19 07:56:12 | 000,146,808 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)

SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.06.29 13:13:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.29 13:13:22 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.02.09 14:03:00 | 000,011,832 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)

DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.05.10 10:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2009.10.05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009.07.20 10:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

IE - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/br/ie9_startpage

IE - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()

O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\VizorHtmlDialog.exe (Trend Micro Inc.)

O4 - HKU\S-1-5-21-770839608-2006469700-1870852776-1000..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2820FA97-9143-4A1E-AE27-CE22DBDA9994}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{E21663EC-B5F9-4842-8303-EE4FDADFEF6D} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2030.01.01 15:10:43 | 000,000,000 | -HSD | C] -- C:\Boot

[2012.02.14 19:41:17 | 000,000,000 | ---D | C] -- C:\Users\Flo\4.0

[2012.02.14 19:41:16 | 000,000,000 | ---D | C] -- C:\Users\Flo\.tfo4

[2012.02.07 23:13:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

[2012.02.06 08:24:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.02.05 19:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

[2012.01.27 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\SoftGrid Client

[2012.01.27 16:51:01 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2012.01.27 16:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)

[2012.01.27 16:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2012.01.27 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client

[2012.01.27 16:47:34 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\TP

[2010.07.06 03:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.14 19:31:09 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 19:31:09 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 19:25:56 | 000,001,414 | ---- | M] () -- C:\Users\Flo\Desktop\Registry kostenlos entrümpeln!.lnk

[2012.02.14 19:23:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.02.14 19:23:11 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys

[2012.02.12 18:23:48 | 000,000,088 | -H-- | M] () -- C:\Users\Flo\Documents\.~lock.Beobachtungsaufgabe 2.odt#

[2012.02.07 23:13:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe

[2012.02.06 08:27:24 | 000,020,461 | ---- | M] () -- C:\Users\Flo\Documents\Rhytmik 1.odt

[2012.02.06 08:24:47 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012.02.06 08:24:47 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012.02.06 08:24:47 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012.02.06 08:24:47 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012.02.05 18:01:53 | 000,020,638 | ---- | M] () -- C:\Users\Flo\Documents\Rhytmik.odt

[2012.01.19 16:51:15 | 000,019,302 | ---- | M] () -- C:\Users\Flo\Documents\code.odt

[2012.01.16 17:45:07 | 000,622,072 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 4.odt

[2012.01.16 13:51:48 | 000,622,074 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 3.odt

[2012.01.16 13:22:38 | 000,622,065 | ---- | M] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 2.odt

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2030.01.01 15:10:43 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2012.02.12 18:23:48 | 000,000,088 | -H-- | C] () -- C:\Users\Flo\Documents\.~lock.Beobachtungsaufgabe 2.odt#

[2012.02.06 08:27:21 | 000,020,461 | ---- | C] () -- C:\Users\Flo\Documents\Rhytmik 1.odt

[2012.02.05 17:58:29 | 000,020,638 | ---- | C] () -- C:\Users\Flo\Documents\Rhytmik.odt

[2012.01.16 17:45:00 | 000,622,072 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 4.odt

[2012.01.16 13:37:28 | 000,622,074 | ---- | C] () -- C:\Users\Flo\Documents\Beobachtungsaufgabe fertig 3.odt

[2011.05.16 14:20:28 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

[2011.05.13 16:41:15 | 000,005,576 | ---- | C] () -- C:\windows\Language.ini

[2011.05.13 16:36:05 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

[2011.05.13 16:36:05 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat

[2010.11.02 01:11:35 | 000,224,680 | ---- | C] () -- C:\windows\System32\AsusService.exe

[2010.11.02 01:11:35 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini

[2010.11.02 01:09:45 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010.11.02 01:07:49 | 000,011,832 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys

[2010.11.02 01:04:59 | 000,000,530 | ---- | C] () -- C:\windows\Reboot.ini

[2010.11.02 00:59:44 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe

[2010.11.02 00:59:13 | 000,014,051 | ---- | C] () -- C:\windows\System32\RaCoInst.dat

[2009.07.26 02:28:45 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009.07.26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009.07.26 02:28:45 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009.07.26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009.07.14 05:33:53 | 000,284,200 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2009.02.26 07:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

 
 ========== LOP Check ==========

 

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ASUS WebStorage

[2011.05.13 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\E-Cam

[2012.02.14 19:33:50 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ICQ

[2011.09.21 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenOffice.org

[2012.02.14 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2011.09.21 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Systweak

[2012.01.27 16:51:26 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TP

[2011.12.09 15:01:44 | 000,000,260 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_DEFAULT.job

[2012.01.11 18:31:51 | 000,000,268 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_UPDATES.job

[2009.07.14 05:53:46 | 000,030,350 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.05.13 16:41:22 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Adobe

[2010.11.02 02:11:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ASUS WebStorage

[2011.06.29 13:16:06 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Avira

[2011.05.13 16:39:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\E-Cam

[2012.02.14 19:33:50 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ICQ

[2009.07.14 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Identities

[2010.11.02 00:56:59 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\InstallShield

[2010.11.02 01:07:34 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Macromedia

[2012.01.03 19:32:42 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Malwarebytes

[2012.02.14 19:40:01 | 000,000,000 | --SD | M] -- C:\Users\Flo\AppData\Roaming\Microsoft

[2010.11.02 01:45:35 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Mozilla

[2011.09.21 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\OpenOffice.org

[2012.02.14 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\SoftGrid Client

[2011.09.21 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Systweak

[2012.01.27 16:51:26 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TP

 
 < %APPDATA%\*.exe /s >

[2011.05.23 12:41:01 | 003,119,264 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Flo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009.06.05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys

[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys

[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-770839608-2006469700-1870852776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!