Trojaner-Board - Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert. 50 € Zahlungsaufforderung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert. 50 € Zahlungsaufforderung (https://www.trojaner-board.de/110404-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert-50-zahlungsaufforderung.html)

Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert. 50 € Zahlungsaufforderung

Hallo!

Ich bin über google auf eure Seite gestoßen. Wie viele andere hier auch habe ich das Problem mit der im Titel genannten Anzeige. Beim Surfen erschien plötzlich ein komplett schwarzer Bildschirm mit dieser Anzeige (aufgrund des hohen Virenbefalls wird das System blockiert, 50 Euro zur Beseitigung des Problems zahlen,...). Habe mich dann abgemeldet, wieder angemeldet (zwischendurch kein Neustart) und danach nur noch einen leeren Bildschirm vor mir (die offenen Programme konnten zwar wieder maximiert werden, das sah aber alles komplett anders aus).
Nach einem Neustart bin ich dann über den abgesicherten Modus rein und habe AVG scannen lassen.
Danach bin ich dann nach eurer Liste vorgegangen (nicht mehr im abgesicherten Modus). Die Logfiles hänge ich an, das von AVG einfach auch direkt. Bei Defogger habe ich jetzt keine Fehlermeldung wahrgenommen, aber ich hänge die Disable-File auch mal vorsichtshalber an. Würde mich sehr freuen, wenn mir hier jemand helfen kann :)

Ich benutze Vista 32-bit und als Virenscanner das Gratis-Paket von AVG.

Viele Grüße und schonmal ganz vielen Dank im Voraus!

Die DDS.txt wie gewünscht direkt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Freddy at 17:12:03 on 2012-02-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2038.862 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Users\Freddy\AppData\Roaming\Microsoft\torrent.exe
C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uInternet Settings,ProxyServer = 127.0.0.1:9666
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: OrderAssistant.OrderAssistant: {ac38bd53-2101-4ec8-a4d7-d1e58c690e71} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Vfuxuqepiconihu] rundll32.exe "c:\users\freddy\appdata\local\adiciyop.dll",Startup
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ICQ] "c:\program files\icq7.4\ICQ.exe" silent loginmode=4
uRun: [{1E8F7B91-8198-11DC-B0B3-806E6F6E6963}] c:\users\freddy\appdata\roaming\microsoft\torrent.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\freddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\freddy\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\freddy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Felder ausfüllen - file://c:\program files\dhl\dhl bestellhelfer\fillFormContext.html
IE: Felder merken - file://c:\program files\dhl\dhl bestellhelfer\assignContext.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - {23BC42E9-46AB-481f-A200-69524B689A6B} - mscoree.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDB99B38-9040-4AD3-A534-6A04B83AE8CD} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\freddy\appdata\roaming\mozilla\firefox\profiles\grohfmrs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/watch?v=6G7ILpJlfq8&feature=channel_video_title
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B91da1831-09e6-4d29-ac32-ad727a183e48%7D&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-05%2012%3A14%3A05&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-13 21504]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update-Dienst (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-12 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-12 136176]
S3 PAC207;USB PC Camera;c:\windows\system32\drivers\PFC027.SYS [2008-5-21 616064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-13 16896]
.
=============== Created Last 30 ================
.
2012-02-15 10:39:05 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 10:39:03 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 10:39:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-28 12:07:15 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-28 12:07:14 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-28 12:07:14 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-28 12:07:13 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-28 12:07:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-28 12:07:12 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-26 18:02:13 -------- d-----w- c:\program files\iPod
2012-01-26 18:01:36 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-02-22 00:12:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 00:19:16 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:12:49,59 ===============

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Jap, der funktioniert zum Glück noch.

Grüße!

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo!

Erstmal vielen Dank für die Anleitung! Hier die Logs von Malwarebytes:

mbam-log-2012-02-25 (16-15-18) (von gerade eben):

Code:

 Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.25.04
 

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Freddy :: HOME-PC [Administrator]
 

25.02.2012 16:15:18

mbam-log-2012-02-25 (16-15-18).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 330920

Laufzeit: 1 Stunde(n), 7 Minute(n), 57 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{1E8F7B91-8198-11DC-B0B3-806E6F6E6963} (Backdoor.Agent.H) -> Daten: C:\Users\Freddy\AppData\Roaming\Microsoft\torrent.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vfuxuqepiconihu (Trojan.Agent.U) -> Daten: rundll32.exe "C:\Users\Freddy\AppData\Local\adiciyop.dll",Startup -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Freddy\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Freddy\AppData\Local\Temp\0.8714479748733555.exe (Backdoor.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Freddy\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

mbam-log-2010-11-24 (07-50-50):

Code:

 Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 5178
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975
 

24.11.2010 07:50:50

mbam-log-2010-11-24 (07-50-50).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)

Durchsuchte Objekte: 510131

Laufzeit: 5 Stunde(n), 0 Minute(n), 36 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

mbam-log-2009-03-28 (09-19-05):

Code:

 Malwarebytes' Anti-Malware 1.35

Datenbank Version: 1909

Windows 6.0.6001 Service Pack 1
 

28.03.2009 09:19:05

mbam-log-2009-03-28 (09-19-05).txt
 

Scan-Methode: Vollständiger Scan (C:\|E:\|F:\|)

Durchsuchte Objekte: 387694

Laufzeit: 6 hour(s), 22 minute(s), 12 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Jetzt noch eine Frage zum ESET: An meine externe Festplatte komme ich erst morgen wieder. Soll ich den Scan trotzdem jetzt durchführen oder besser bis morgen warten?

Viele Grüße und nochmal ganz vielen Dank für die Mühe!

Jetzt solltest du den Scan mit ext. Platte ja machen können. Lass Malwarebytes die externe Platte auch prüfen

So, der Scan mit ESET ist durch, hatte allerdings ein Problem: Ich hatte keine Ahnung, wie ich AVG oder die Windows-Firewall deaktivieren kann. Im abgesicherten Modus funktioniert das Sicherheitscentre nicht, oder? Und in AVG selbst konnte ich auch nichts in die Richtung finden. Hab ihn dann einfach so laufen lassen. Hoffe das ist dann auch zu gebrauchen?

Hier der ESET-log (2 Threats gefunden):

Code:

 ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=57186669914d8345ba07cdf08e744cf9

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-26 10:43:44

# local_time=2012-02-26 11:43:44 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 39681932 39681932 0 0

# compatibility_mode=1032 16777214 100 95 218768 73456603 0 0

# compatibility_mode=5892 16776574 100 100 39754972 167821587 0 0

# compatibility_mode=8192 67108863 100 0 13357 13357 0 0

# scanned=174407

# found=2

# cleaned=0

# scan_time=7365

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\e785aca-15b7cbe4        multiple threats (unable to clean)        00000000000000000000000000000000        I

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\448bc1ac-22f7fb7c        multiple threats (unable to clean)        00000000000000000000000000000000        I

Und Malwarebytes für meine externe Festplatte, hat nichts gefunden:

Code:

 Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.26.07
 

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Freddy :: HOME-PC [Administrator]
 

27.02.2012 00:05:18

mbam-log-2012-02-27 (00-05-18).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 175722

Laufzeit: 2 Minute(n), 42 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Viele Grüße!

Funktioniert der normale Modus wieder?

Bin jetzt über eine halbe Stunde im normalen Modus online, bisher kam nichts mehr und es läuft auch alles. Heißt das das war es?

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier das OTL-Log:
OTL Logfile:

Code:

OTL logfile created on: 27.02.2012 13:10:54 - Run 1

OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Freddy\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 42,29% Memory free

4,22 Gb Paging File | 2,65 Gb Available in Paging File | 62,80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74,52 Gb Total Space | 8,14 Gb Free Space | 10,92% Space Free | Partition Type: NTFS

Drive E: | 73,06 Gb Total Space | 65,25 Gb Free Space | 89,31% Space Free | Partition Type: NTFS

Drive I: | 465,76 Gb Total Space | 448,57 Gb Free Space | 96,31% Space Free | Partition Type: NTFS

 

Computer Name: HOME-PC | User Name: Freddy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.27 11:58:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Freddy\Desktop\OTL.exe

PRC - [2012.01.31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012.01.18 13:13:31 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

PRC - [2012.01.18 13:13:24 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2012.01.17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.10.31 10:49:47 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011.07.08 21:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011.03.28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe

PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2007.07.20 19:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2007.07.10 08:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

PRC - [2007.07.06 10:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.06.27 11:28:40 | 000,436,088 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

PRC - [2007.06.19 14:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2007.04.24 15:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe

PRC - [2007.03.22 16:09:28 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe

PRC - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe

PRC - [2006.11.14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2006.11.03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe

PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

PRC - [2006.05.25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.21 19:37:42 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll

MOD - [2012.02.21 19:37:12 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll

MOD - [2012.02.21 19:34:28 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll

MOD - [2012.01.18 13:13:24 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2011.10.12 04:32:37 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll

MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2007.06.27 11:28:40 | 000,436,088 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.01.31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2012.01.18 13:13:31 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.11.10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011.07.08 21:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.02.05 17:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)

SRV - [2006.11.14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006.05.25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.07.08 21:00:16 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2011.05.27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011.02.22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011.02.10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011.02.10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2008.01.19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007.10.25 17:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007.07.26 15:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2007.07.13 15:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2007.06.18 17:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2007.01.18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.12.14 14:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/watch?v=6G7ILpJlfq8&feature=channel_video_title"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209

FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001

FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: {BC8B309B-75FF-401C-A4D3-3E779FD88379}:1.9.1

FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B91da1831-09e6-4d29-ac32-ad727a183e48%7D&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-05%2012%3A14%3A05&sap=ku&q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012.02.03 15:35:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.31 10:51:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.18 13:13:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.02 04:22:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.22 10:09:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.16 01:14:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BC8B309B-75FF-401C-A4D3-3E779FD88379}: C:\Users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379} [2011.04.23 19:06:59 | 000,000,000 | ---D | M]

 

[2008.09.02 08:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Extensions

[2012.01.06 12:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions

[2010.05.02 00:45:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.11.05 14:55:50 | 000,000,000 | ---D | M] (GutscheinFinder) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}

[2012.01.04 17:50:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.01.23 00:05:56 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}

[2011.12.28 11:46:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.08.31 17:20:00 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\eafo3fflauncher@ea.com

[2009.11.17 06:24:55 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com

[2010.09.30 20:06:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\vshare@toolbar

[2012.02.11 14:32:16 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-1.xml

[2009.08.06 18:39:02 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-10.xml

[2010.06.25 02:38:42 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-11.xml

[2010.07.26 16:15:29 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-12.xml

[2010.09.13 00:23:49 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-13.xml

[2010.09.17 13:16:10 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-14.xml

[2010.10.21 16:36:18 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-15.xml

[2010.10.29 10:05:59 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-16.xml

[2010.11.26 08:33:37 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-17.xml

[2011.01.13 10:24:43 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-18.xml

[2011.03.24 05:17:36 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-19.xml

[2009.05.07 17:30:35 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-2.xml

[2011.03.25 11:41:51 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-20.xml

[2011.05.05 15:23:08 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-21.xml

[2011.05.06 16:04:28 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-22.xml

[2011.05.19 13:07:25 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-23.xml

[2011.07.09 00:42:22 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-24.xml

[2011.08.11 19:23:18 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-25.xml

[2011.08.17 23:44:56 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-26.xml

[2011.09.10 14:38:09 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-27.xml

[2011.09.15 13:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-28.xml

[2011.09.19 14:22:17 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-29.xml

[2009.05.07 18:11:17 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-3.xml

[2011.10.10 02:12:24 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-30.xml

[2011.11.23 01:39:04 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-31.xml

[2009.06.14 13:32:23 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-4.xml

[2009.06.14 21:37:09 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-5.xml

[2009.06.15 19:33:14 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-6.xml

[2009.06.16 14:41:57 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-7.xml

[2009.06.17 16:17:49 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-8.xml

[2009.07.24 16:09:40 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-9.xml

[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin.xml

[2009.03.07 22:11:58 | 000,001,632 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\live-search.xml

[2011.11.23 01:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009.03.20 17:36:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2012.01.18 13:13:44 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7

() (No name found) -- C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI

[2012.02.22 10:09:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.01.09 14:11:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.01.18 13:13:22 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2012.01.09 14:11:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.01.09 14:11:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.09 14:11:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.09 14:11:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.09 14:11:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.02.14 20:52:06 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found

O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)

O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)

O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found

O4 - Startup: C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Felder ausfüllen - C:\Program Files\DHL\DHL Bestellhelfer\fillFormContext.html ()

O8 - Extra context menu item: Felder merken - C:\Program Files\DHL\DHL Bestellhelfer\assignContext.html ()

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found

O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found

O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe (Reg Error: Key error.)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDB99B38-9040-4AD3-A534-6A04B83AE8CD}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.26 19:11:49 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Desktop\110404-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert-50-zahlungsaufforderung-Dateien

[2012.02.26 18:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.02.26 18:58:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Freddy\Desktop\esetsmartinstaller_enu.exe

[2012.02.26 18:57:11 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Desktop\Logfiles

[2012.02.24 19:31:47 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Freddy\Desktop\OTL.exe

[2012.02.24 17:05:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Freddy\Desktop\dds.com

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Freddy\*.tmp files -> C:\Users\Freddy\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.27 12:34:39 | 000,166,912 | ---- | M] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.27 12:34:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.02.27 12:22:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.27 12:22:51 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.27 12:03:29 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.02.27 12:03:29 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.02.27 12:03:29 | 000,131,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.02.27 12:03:29 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.02.27 11:58:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Freddy\Desktop\OTL.exe

[2012.02.27 10:32:15 | 090,201,534 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2012.02.27 10:23:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.02.27 10:22:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.27 10:22:44 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys

[2012.02.26 23:53:28 | 000,001,356 | ---- | M] () -- C:\Users\Freddy\AppData\Local\d3d9caps.dat

[2012.02.26 21:23:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Freddy\Desktop\esetsmartinstaller_enu.exe

[2012.02.26 21:20:51 | 000,104,295 | ---- | M] () -- C:\Users\Freddy\Desktop\110404-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert-50-zahlungsaufforderung.html

[2012.02.25 16:12:56 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.24 19:44:25 | 000,005,891 | ---- | M] () -- C:\Users\Freddy\Desktop\Logfiles.zip

[2012.02.24 17:05:44 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Freddy\Desktop\dds.com

[2012.02.24 16:58:02 | 000,302,592 | ---- | M] () -- C:\Users\Freddy\Desktop\5qffb6r1.exe

[2012.02.24 16:54:29 | 000,000,000 | ---- | M] () -- C:\Users\Freddy\defogger_reenable

[2012.02.24 15:36:42 | 000,050,477 | ---- | M] () -- C:\Users\Freddy\Desktop\Defogger.exe

[2012.02.22 19:37:24 | 000,493,162 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

[2012.02.21 19:32:34 | 000,294,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012.02.11 14:11:56 | 000,000,907 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012.02.11 14:11:55 | 000,000,927 | ---- | M] () -- C:\Users\Freddy\Desktop\Dropbox.lnk

[2012.02.04 19:20:45 | 000,017,408 | ---- | M] () -- C:\Users\Freddy\AppData\Local\WebpageIcons.db

[2012.02.03 15:35:42 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Freddy\*.tmp files -> C:\Users\Freddy\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.27 10:22:44 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys

[2012.02.26 19:13:18 | 000,104,295 | ---- | C] () -- C:\Users\Freddy\Desktop\110404-achtung-sicherheitsgruenden-wurde-windowssystem-blockiert-50-zahlungsaufforderung.html

[2012.02.25 16:12:56 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.24 19:44:25 | 000,005,891 | ---- | C] () -- C:\Users\Freddy\Desktop\Logfiles.zip

[2012.02.24 16:58:02 | 000,302,592 | ---- | C] () -- C:\Users\Freddy\Desktop\5qffb6r1.exe

[2012.02.24 16:54:29 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\defogger_reenable

[2012.02.24 15:36:41 | 000,050,477 | ---- | C] () -- C:\Users\Freddy\Desktop\Defogger.exe

[2011.11.11 03:04:47 | 000,000,094 | ---- | C] () -- C:\Users\Freddy\AppData\Local\fusioncache.dat

[2011.10.12 02:20:55 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011.04.23 19:07:00 | 000,000,120 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Mnubiwa.dat

[2011.04.23 19:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Jjuyi.bin

[2011.02.28 15:24:25 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll

[2011.01.15 12:59:18 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2011.01.15 12:59:10 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2010.11.26 10:09:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.08.31 17:22:50 | 000,139,152 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\PnkBstrK.sys

[2010.08.31 17:22:25 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2010.05.10 10:27:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2010.03.11 20:15:39 | 000,017,408 | ---- | C] () -- C:\Users\Freddy\AppData\Local\WebpageIcons.db

 
 ========== LOP Check ==========

 

[2010.11.26 02:29:33 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\.freeciv

[2010.11.26 08:24:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Amazon

[2011.03.28 18:06:26 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Ashampoo

[2010.11.26 08:49:11 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\AVG10

[2012.02.27 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Dropbox

[2011.01.20 17:19:17 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.02.22 19:50:01 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\ICQ

[2008.05.06 01:18:25 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\IT-Sevice Christian Hau

[2012.01.10 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Juniper Networks

[2011.11.16 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\kock

[2008.04.23 01:15:18 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\PTC

[2008.05.06 00:35:34 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\SmartDraw

[2009.06.26 15:49:37 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Sony

[2008.03.10 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Toshiba

[2011.11.16 14:17:10 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\xmldm

[2012.02.26 18:02:27 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.11.26 02:29:33 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\.freeciv

[2011.06.15 23:38:47 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Adobe

[2010.11.26 08:24:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Amazon

[2011.05.14 15:49:27 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Apple Computer

[2011.03.28 18:06:26 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Ashampoo

[2010.11.26 08:49:11 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\AVG10

[2010.08.26 01:49:57 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\DivX

[2012.02.27 10:27:06 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Dropbox

[2008.03.11 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\dvdcss

[2011.01.20 17:19:17 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.02.22 19:50:01 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\ICQ

[2007.10.23 21:08:09 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Identities

[2009.06.26 16:17:19 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\InstallShield

[2008.05.06 01:18:25 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\IT-Sevice Christian Hau

[2012.01.10 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Juniper Networks

[2011.11.16 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\kock

[2007.10.23 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Macromedia

[2009.03.28 02:55:19 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Media Center Programs

[2012.02.25 17:29:45 | 000,000,000 | --SD | M] -- C:\Users\Freddy\AppData\Roaming\Microsoft

[2010.11.26 09:25:21 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Move Networks

[2008.09.02 08:03:14 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Mozilla

[2008.04.23 01:15:18 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\PTC

[2010.12.11 20:01:37 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Real

[2012.02.27 12:01:49 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Skype

[2011.06.18 18:29:02 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\skypePM

[2008.05.06 00:35:34 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\SmartDraw

[2009.06.26 15:49:37 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Sony

[2008.03.10 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Toshiba

[2009.11.22 16:30:51 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\TVU networks

[2012.01.14 13:45:18 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\vlc

[2007.11.15 19:57:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\WinRAR

[2011.11.16 14:17:10 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\xmldm

 
 < %APPDATA%\*.exe /s >

[2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.01.18 19:54:36 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.06.03 18:32:28 | 000,149,368 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe

[2011.06.03 18:32:42 | 000,265,384 | ---- | M] (Juniper Networks) -- C:\Users\Freddy\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe

[2011.06.03 18:32:24 | 000,530,296 | ---- | M] (Juniper Networks) -- C:\Users\Freddy\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe

[2011.06.03 18:31:08 | 000,335,496 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe

[2011.06.03 18:18:12 | 000,225,816 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe

[2011.06.03 18:32:46 | 000,051,360 | ---- | M] (Juniper Networks) -- C:\Users\Freddy\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe

[2009.08.20 11:18:28 | 000,001,406 | R--- | M] () -- C:\Users\Freddy\AppData\Roaming\Microsoft\Installer\{B75E0274-3547-4349-88CF-878B04C3092D}\_6FEFF9B68218417F98F549.exe

[2010.02.02 18:25:34 | 000,204,312 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\chrome\content\id_gp_toolbar\TbHelper2.exe

[2009.11.27 00:59:14 | 000,042,496 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\chrome\content\id_gp_toolbar\uninstall.exe

[2009.11.27 00:59:10 | 000,056,832 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\chrome\content\id_gp_toolbar\update.exe

[2010.02.04 21:53:34 | 000,152,664 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\components\setup_widget_serv.exe

[2010.06.02 16:40:59 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Freddy\AppData\Roaming\Real\Update\setup3.10\setup.exe

[2010.09.09 16:53:43 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Freddy\AppData\Roaming\Real\Update\setup3.12\setup.exe

[2010.12.07 15:03:05 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Freddy\AppData\Roaming\Real\Update\setup3.13\setup.exe

[2011.10.26 17:12:00 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Freddy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe

[2011.10.26 20:14:19 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Freddy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe

[2011.10.26 20:12:15 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Freddy\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe

[2010.06.21 20:02:03 | 005,642,000 | ---- | M] (TVU networks) -- C:\Users\Freddy\AppData\Roaming\TVU networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

[2008.10.29 20:13:56 | 005,241,840 | ---- | M] (TVU networks) -- C:\Users\Freddy\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.0.1.exe

[2009.09.12 14:32:05 | 005,519,752 | ---- | M] (TVU networks) -- C:\Users\Freddy\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.02.14 15:39:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008.02.14 15:39:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008.02.14 15:39:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2007.03.21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

[2007.03.21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys

[2007.03.21 11:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys

[2007.03.21 11:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: KR10N.SYS  >

[2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys

[2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys

[2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\drivers\KR10N.sys

[2007.01.18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Windows\System32\DriverStore\FileRepository\kr10.inf_95888b8d\KR10N.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2007.08.13 11:11:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2007.08.13 11:11:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2007.08.13 10:49:59 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2007.08.13 10:49:57 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2007.08.13 10:50:00 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2007.08.13 10:50:10 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2007.08.13 10:50:12 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2008.01.19 08:34:21 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

 
 <           >
 

< End of report >

--- --- ---

Wird Extras.txt auch benötigt?

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Sagmal, gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/watch?v=6G7ILpJlfq8&feature=channel_video_title"

FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0

FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B91da1831-09e6-4d29-ac32-ad727a183e48%7D&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-05%2012%3A14%3A05&sap=ku&q="

[2010.05.02 00:45:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.11.05 14:55:50 | 000,000,000 | ---D | M] (GutscheinFinder) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}

[2012.01.04 17:50:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2009.11.17 06:24:55 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com

[2010.09.30 20:06:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\vshare@toolbar

[2012.02.11 14:32:16 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-1.xml

[2009.08.06 18:39:02 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-10.xml

[2010.06.25 02:38:42 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-11.xml

[2010.07.26 16:15:29 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-12.xml

[2010.09.13 00:23:49 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-13.xml

[2010.09.17 13:16:10 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-14.xml

[2010.10.21 16:36:18 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-15.xml

[2010.10.29 10:05:59 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-16.xml

[2010.11.26 08:33:37 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-17.xml

[2011.01.13 10:24:43 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-18.xml

[2011.03.24 05:17:36 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-19.xml

[2009.05.07 17:30:35 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-2.xml

[2011.03.25 11:41:51 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-20.xml

[2011.05.05 15:23:08 | 000,000,961 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-21.xml

[2011.05.06 16:04:28 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-22.xml

[2011.05.19 13:07:25 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-23.xml

[2011.07.09 00:42:22 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-24.xml

[2011.08.11 19:23:18 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-25.xml

[2011.08.17 23:44:56 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-26.xml

[2011.09.10 14:38:09 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-27.xml

[2011.09.15 13:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-28.xml

[2011.09.19 14:22:17 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-29.xml

[2009.05.07 18:11:17 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-3.xml

[2011.10.10 02:12:24 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-30.xml

[2011.11.23 01:39:04 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-31.xml

[2009.06.14 13:32:23 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-4.xml

[2009.06.14 21:37:09 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-5.xml

[2009.06.15 19:33:14 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-6.xml

[2009.06.16 14:41:57 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-7.xml

[2009.06.17 16:17:49 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-8.xml

[2009.07.24 16:09:40 | 000,000,950 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-9.xml

[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin.xml

[2009.03.07 22:11:58 | 000,001,632 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\live-search.xml

[2011.11.23 01:37:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009.03.20 17:36:38 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.

O3 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found

O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found

O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe

[2011.11.16 14:17:10 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\xmldm

[2011.11.16 14:17:04 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\kock

:Files

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo!

Hier ist das Ergebnis:

Code:

 All processes killed

========== OTL ==========

HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.

HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl

Prefs.js: true removed from browser.search.useDBForOrder

Prefs.js: "hxxp://www.youtube.com/watch?v=6G7ILpJlfq8&feature=channel_video_title" removed from browser.startup.homepage

Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems

Prefs.js: "hxxp://isearch.avg.com/search?cid=%7B91da1831-09e6-4d29-ac32-ad727a183e48%7D&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-05%2012%3A14%3A05&sap=ku&q=" removed from keyword.URL

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\components folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\chrome\content\id_gp_toolbar folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\chrome\content folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}\chrome folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55} folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com\platform folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com\META-INF folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com\components folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\moveplayer@movenetworks.com folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\vshare@toolbar\META-INF folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\vshare@toolbar\chrome folder moved successfully.

C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\vshare@toolbar folder moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-10.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-11.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-12.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-13.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-14.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-15.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-16.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-17.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-18.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-19.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-2.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-20.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-21.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-22.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-23.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-24.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-25.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-26.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-27.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-28.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-29.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-3.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-30.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-31.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-4.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-5.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-6.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-7.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-8.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin-9.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\icqplugin.xml moved successfully.

C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\searchplugins\live-search.xml moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions folder moved successfully.

Folder C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.

Registry value HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC38BD53-2101-4ec8-A4D7-D1E58C690E71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC38BD53-2101-4ec8-A4D7-D1E58C690E71}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC38BD53-2101-4ec8-A4D7-D1E58C690E71}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC38BD53-2101-4ec8-A4D7-D1E58C690E71}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e8f7b95-8198-11dc-b0b3-806e6f6e6963}\ not found.

File F:\Launch.exe not found.

C:\Users\Freddy\AppData\Roaming\xmldm folder moved successfully.

C:\Users\Freddy\AppData\Roaming\kock folder moved successfully.

========== FILES ==========

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6baea4fe-523c7933-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\252441bb-153a0bc3-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\3cdd59f6-49b530e4-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-70960472-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5b902232-590ad86b-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-20215996-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\140de92e-15516f05-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\4f710eed-527472bb-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\258cea61-6b16ba59-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-107f84ed-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-553d2e3b-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4e09eacf-20285f73-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4a3506cf-700e6568-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\4b13650b-488f9880-n folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Freddy

->Temp folder emptied: 25368548 bytes

->Temporary Internet Files folder emptied: 1511853 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 419603204 bytes

->Flash cache emptied: 4394 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 63298 bytes

RecycleBin emptied: 643127 bytes

 

Total Files Cleaned = 427,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.33.2 log created on 02272012_235541
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Viele Grüße!

Was ist mit meiner Frage?

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!

Sorry, dachte die wäre rhetorisch ;). Ja, das habe ich wirklich häufiger gemacht. Allerdings jetzt auch schon eine Zeit lang nicht mehr.

Wie gesagt, einfach in Zukunft sein lassen. Daher hast du diesen Blockiermüll wohl auch her.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Ok, der TDSS-Killer ist auch durch. Etwas komisch war nur, dass er einen Threat gefunden hat, nach dem Scan stand im Fenster aber groß oben drüber "No threats found" (in der Auflistung darunter allerdings dann doch wieder "Found: 1 threat). Das ganze ging auch ziemlich schnell, etwas mehr als 3 Minuten. Ist das normal?

Hier das Log:

Code:

 14:46:56.0841 4868        TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02

14:46:56.0935 4868        ============================================================

14:46:56.0935 4868        Current date / time: 2012/02/28 14:46:56.0935

14:46:56.0935 4868        SystemInfo:

14:46:56.0935 4868        

14:46:56.0936 4868        OS Version: 6.0.6002 ServicePack: 2.0

14:46:56.0936 4868        Product type: Workstation

14:46:56.0936 4868        ComputerName: HOME-PC

14:46:56.0936 4868        UserName: Freddy

14:46:56.0936 4868        Windows directory: C:\Windows

14:46:56.0936 4868        System windows directory: C:\Windows

14:46:56.0936 4868        Processor architecture: Intel x86

14:46:56.0936 4868        Number of processors: 2

14:46:56.0937 4868        Page size: 0x1000

14:46:56.0937 4868        Boot type: Normal boot

14:46:56.0937 4868        ============================================================

14:46:58.0091 4868        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x209CD, SectorsPerTrack: 0x1A, TracksPerCylinder: 0x5A, Type 'K0', Flags 0x00000050

14:46:58.0095 4868        \Device\Harddisk0\DR0:

14:46:58.0095 4868        MBR used

14:46:58.0095 4868        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x950C800

14:46:58.0096 4868        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x97FB000, BlocksNum 0x921E000

14:46:58.0183 4868        Initialize success

14:46:58.0183 4868        ============================================================

14:47:51.0432 3320        ============================================================

14:47:51.0432 3320        Scan started

14:47:51.0432 3320        Mode: Manual; SigCheck; TDLFS; 

14:47:51.0432 3320        ============================================================

14:47:53.0417 3320        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

14:47:53.0666 3320        ACPI - ok

14:47:54.0056 3320        adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

14:47:54.0119 3320        adp94xx - ok

14:47:54.0431 3320        adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

14:47:54.0478 3320        adpahci - ok

14:47:54.0836 3320        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

14:47:54.0852 3320        adpu160m - ok

14:47:55.0164 3320        adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

14:47:55.0195 3320        adpu320 - ok

14:47:55.0429 3320        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

14:47:55.0507 3320        AFD - ok

14:47:56.0006 3320        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

14:47:56.0178 3320        AgereSoftModem - ok

14:47:56.0365 3320        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

14:47:56.0381 3320        agp440 - ok

14:47:56.0599 3320        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

14:47:56.0615 3320        aic78xx - ok

14:47:56.0677 3320        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

14:47:56.0708 3320        aliide - ok

14:47:56.0849 3320        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

14:47:56.0864 3320        amdagp - ok

14:47:56.0911 3320        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

14:47:56.0927 3320        amdide - ok

14:47:57.0036 3320        AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

14:47:57.0192 3320        AmdK7 - ok

14:47:57.0379 3320        AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

14:47:57.0504 3320        AmdK8 - ok

14:47:57.0832 3320        arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

14:47:57.0863 3320        arc - ok

14:47:57.0941 3320        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

14:47:57.0956 3320        arcsas - ok

14:47:58.0268 3320        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

14:47:58.0424 3320        AsyncMac - ok

14:47:58.0658 3320        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

14:47:58.0674 3320        atapi - ok

14:47:58.0846 3320        athr            (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys

14:47:58.0939 3320        athr - ok

14:47:59.0126 3320        AVGIDSDriver    (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

14:47:59.0251 3320        AVGIDSDriver - ok

14:47:59.0376 3320        AVGIDSEH        (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

14:47:59.0423 3320        AVGIDSEH - ok

14:47:59.0454 3320        AVGIDSFilter    (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

14:47:59.0485 3320        AVGIDSFilter - ok

14:47:59.0532 3320        AVGIDSShim      (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

14:47:59.0563 3320        AVGIDSShim - ok

14:47:59.0719 3320        Avgldx86        (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys

14:47:59.0750 3320        Avgldx86 - ok

14:48:00.0296 3320        Avgmfx86        (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys

14:48:00.0328 3320        Avgmfx86 - ok

14:48:00.0452 3320        Avgrkx86        (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys

14:48:00.0484 3320        Avgrkx86 - ok

14:48:00.0530 3320        Avgtdix         (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys

14:48:00.0577 3320        Avgtdix - ok

14:48:00.0733 3320        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

14:48:00.0827 3320        Beep - ok

14:48:00.0967 3320        blbdrive - ok

14:48:01.0279 3320        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

14:48:01.0342 3320        bowser - ok

14:48:01.0576 3320        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

14:48:01.0685 3320        BrFiltLo - ok

14:48:01.0919 3320        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

14:48:01.0981 3320        BrFiltUp - ok

14:48:02.0153 3320        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

14:48:02.0278 3320        Brserid - ok

14:48:02.0480 3320        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

14:48:02.0652 3320        BrSerWdm - ok

14:48:02.0870 3320        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

14:48:03.0011 3320        BrUsbMdm - ok

14:48:03.0276 3320        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

14:48:03.0416 3320        BrUsbSer - ok

14:48:03.0588 3320        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

14:48:03.0713 3320        BTHMODEM - ok

14:48:03.0853 3320        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

14:48:03.0947 3320        cdfs - ok

14:48:03.0994 3320        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

14:48:04.0056 3320        cdrom - ok

14:48:04.0196 3320        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

14:48:04.0306 3320        circlass - ok

14:48:04.0524 3320        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

14:48:04.0571 3320        CLFS - ok

14:48:04.0711 3320        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

14:48:04.0836 3320        CmBatt - ok

14:48:04.0898 3320        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

14:48:04.0930 3320        cmdide - ok

14:48:05.0132 3320        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

14:48:05.0164 3320        Compbatt - ok

14:48:05.0538 3320        crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

14:48:05.0554 3320        crcdisk - ok

14:48:05.0678 3320        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

14:48:05.0803 3320        Crusoe - ok

14:48:05.0975 3320        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys

14:48:06.0006 3320        CVirtA - ok

14:48:06.0068 3320        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

14:48:06.0131 3320        DfsC - ok

14:48:06.0334 3320        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

14:48:06.0365 3320        disk - ok

14:48:06.0443 3320        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

14:48:06.0505 3320        drmkaud - ok

14:48:06.0630 3320        dsNcAdpt        (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys

14:48:06.0677 3320        dsNcAdpt - ok

14:48:06.0770 3320        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

14:48:06.0848 3320        DXGKrnl - ok

14:48:07.0098 3320        E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

14:48:07.0238 3320        E1G60 - ok

14:48:07.0457 3320        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

14:48:07.0488 3320        Ecache - ok

14:48:07.0722 3320        elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

14:48:07.0753 3320        elxstor - ok

14:48:08.0065 3320        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

14:48:08.0143 3320        exfat - ok

14:48:08.0377 3320        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

14:48:08.0440 3320        fastfat - ok

14:48:08.0627 3320        fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

14:48:08.0736 3320        fdc - ok

14:48:08.0939 3320        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

14:48:08.0970 3320        FileInfo - ok

14:48:09.0064 3320        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

14:48:09.0142 3320        Filetrace - ok

14:48:09.0235 3320        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

14:48:09.0360 3320        flpydisk - ok

14:48:09.0641 3320        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

14:48:09.0672 3320        FltMgr - ok

14:48:09.0984 3320        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

14:48:10.0062 3320        Fs_Rec - ok

14:48:10.0280 3320        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

14:48:10.0312 3320        gagp30kx - ok

14:48:10.0421 3320        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

14:48:10.0436 3320        GEARAspiWDM - ok

14:48:10.0748 3320        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

14:48:10.0889 3320        HdAudAddService - ok

14:48:11.0170 3320        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

14:48:11.0279 3320        HDAudBus - ok

14:48:11.0497 3320        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

14:48:11.0622 3320        HidBth - ok

14:48:11.0825 3320        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

14:48:11.0950 3320        HidIr - ok

14:48:12.0137 3320        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

14:48:12.0215 3320        HidUsb - ok

14:48:12.0433 3320        HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

14:48:12.0464 3320        HpCISSs - ok

14:48:12.0823 3320        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

14:48:12.0901 3320        HTTP - ok

14:48:13.0166 3320        i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

14:48:13.0198 3320        i2omp - ok

14:48:13.0400 3320        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

14:48:13.0463 3320        i8042prt - ok

14:48:13.0744 3320        iaStor          (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys

14:48:13.0790 3320        iaStor - ok

14:48:14.0102 3320        iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

14:48:14.0134 3320        iaStorV - ok

14:48:14.0664 3320        igfx            (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys

14:48:14.0836 3320        igfx - ok

14:48:15.0163 3320        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

14:48:15.0194 3320        iirsp - ok

14:48:15.0694 3320        IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys

14:48:15.0865 3320        IntcAzAudAddService - ok

14:48:16.0084 3320        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

14:48:16.0115 3320        intelide - ok

14:48:16.0271 3320        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

14:48:16.0349 3320        intelppm - ok

14:48:16.0598 3320        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:48:16.0661 3320        IpFilterDriver - ok

14:48:16.0942 3320        IpInIp - ok

14:48:17.0144 3320        IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

14:48:17.0269 3320        IPMIDRV - ok

14:48:17.0441 3320        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

14:48:17.0519 3320        IPNAT - ok

14:48:17.0784 3320        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

14:48:17.0862 3320        IRENUM - ok

14:48:18.0158 3320        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

14:48:18.0190 3320        isapnp - ok

14:48:18.0455 3320        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

14:48:18.0486 3320        iScsiPrt - ok

14:48:18.0704 3320        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

14:48:18.0736 3320        iteatapi - ok

14:48:18.0782 3320        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

14:48:18.0814 3320        iteraid - ok

14:48:18.0892 3320        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

14:48:18.0923 3320        kbdclass - ok

14:48:18.0985 3320        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

14:48:19.0079 3320        kbdhid - ok

14:48:19.0375 3320        KR10I           (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys

14:48:19.0422 3320        KR10I - ok

14:48:19.0594 3320        KR10N           (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys

14:48:19.0640 3320        KR10N - ok

14:48:19.0796 3320        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

14:48:19.0843 3320        KSecDD - ok

14:48:20.0202 3320        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

14:48:20.0296 3320        lltdio - ok

14:48:20.0608 3320        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

14:48:20.0639 3320        LSI_FC - ok

14:48:20.0888 3320        LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

14:48:20.0920 3320        LSI_SAS - ok

14:48:20.0998 3320        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

14:48:21.0029 3320        LSI_SCSI - ok

14:48:21.0060 3320        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

14:48:21.0138 3320        luafv - ok

14:48:21.0310 3320        megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

14:48:21.0341 3320        megasas - ok

14:48:21.0403 3320        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

14:48:21.0481 3320        Modem - ok

14:48:21.0637 3320        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

14:48:21.0715 3320        monitor - ok

14:48:22.0012 3320        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

14:48:22.0043 3320        mouclass - ok

14:48:22.0152 3320        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

14:48:22.0199 3320        mouhid - ok

14:48:22.0246 3320        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

14:48:22.0277 3320        MountMgr - ok

14:48:22.0464 3320        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

14:48:22.0480 3320        mpio - ok

14:48:22.0760 3320        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

14:48:22.0823 3320        mpsdrv - ok

14:48:23.0041 3320        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

14:48:23.0072 3320        Mraid35x - ok

14:48:23.0416 3320        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

14:48:23.0478 3320        MRxDAV - ok

14:48:23.0712 3320        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

14:48:23.0774 3320        mrxsmb - ok

14:48:24.0071 3320        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:48:24.0118 3320        mrxsmb10 - ok

14:48:24.0430 3320        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:48:24.0508 3320        mrxsmb20 - ok

14:48:24.0710 3320        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

14:48:24.0726 3320        msahci - ok

14:48:24.0882 3320        msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

14:48:24.0898 3320        msdsm - ok

14:48:25.0085 3320        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

14:48:25.0163 3320        Msfs - ok

14:48:25.0381 3320        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

14:48:25.0412 3320        msisadrv - ok

14:48:25.0568 3320        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

14:48:25.0631 3320        MSKSSRV - ok

14:48:25.0849 3320        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

14:48:25.0912 3320        MSPCLOCK - ok

14:48:26.0161 3320        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

14:48:26.0239 3320        MSPQM - ok

14:48:26.0504 3320        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

14:48:26.0536 3320        MsRPC - ok

14:48:26.0707 3320        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

14:48:26.0723 3320        mssmbios - ok

14:48:26.0957 3320        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

14:48:27.0019 3320        MSTEE - ok

14:48:27.0160 3320        MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys

14:48:27.0206 3320        MTsensor - ok

14:48:27.0253 3320        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

14:48:27.0284 3320        Mup - ok

14:48:27.0456 3320        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

14:48:27.0487 3320        NativeWifiP - ok

14:48:27.0830 3320        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

14:48:27.0908 3320        NDIS - ok

14:48:28.0142 3320        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

14:48:28.0205 3320        NdisTapi - ok

14:48:28.0408 3320        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

14:48:28.0470 3320        Ndisuio - ok

14:48:28.0704 3320        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

14:48:28.0751 3320        NdisWan - ok

14:48:28.0876 3320        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

14:48:28.0938 3320        NDProxy - ok

14:48:29.0078 3320        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

14:48:29.0156 3320        NetBIOS - ok

14:48:29.0219 3320        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

14:48:29.0281 3320        netbt - ok

14:48:29.0515 3320        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

14:48:29.0546 3320        nfrd960 - ok

14:48:29.0734 3320        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

14:48:29.0796 3320        Npfs - ok

14:48:29.0921 3320        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

14:48:30.0014 3320        nsiproxy - ok

14:48:30.0467 3320        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

14:48:30.0654 3320        Ntfs - ok

14:48:30.0888 3320        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

14:48:31.0013 3320        ntrigdigi - ok

14:48:31.0372 3320        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

14:48:31.0450 3320        Null - ok

14:48:31.0668 3320        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

14:48:31.0684 3320        nvraid - ok

14:48:31.0777 3320        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

14:48:31.0793 3320        nvstor - ok

14:48:31.0886 3320        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

14:48:31.0918 3320        nv_agp - ok

14:48:32.0089 3320        NwlnkFlt - ok

14:48:32.0120 3320        NwlnkFwd - ok

14:48:32.0245 3320        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

14:48:32.0370 3320        ohci1394 - ok

14:48:32.0698 3320        PAC207          (9482616a0f87384c5afb5f34a317bf6c) C:\Windows\system32\DRIVERS\PFC027.SYS

14:48:32.0900 3320        PAC207 - ok

14:48:33.0088 3320        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

14:48:33.0212 3320        Parport - ok

14:48:33.0431 3320        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

14:48:33.0462 3320        partmgr - ok

14:48:33.0805 3320        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

14:48:33.0930 3320        Parvdm - ok

14:48:34.0164 3320        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

14:48:34.0195 3320        pci - ok

14:48:34.0460 3320        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

14:48:34.0492 3320        pciide - ok

14:48:34.0648 3320        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys

14:48:34.0679 3320        pcmcia - ok

14:48:35.0100 3320        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

14:48:35.0303 3320        PEAUTH - ok

14:48:35.0630 3320        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

14:48:35.0708 3320        PptpMiniport - ok

14:48:35.0896 3320        Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

14:48:36.0036 3320        Processor - ok

14:48:36.0270 3320        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

14:48:36.0348 3320        PSched - ok

14:48:36.0644 3320        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

14:48:36.0722 3320        ql2300 - ok

14:48:36.0878 3320        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

14:48:36.0894 3320        ql40xx - ok

14:48:36.0956 3320        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

14:48:37.0003 3320        QWAVEdrv - ok

14:48:37.0144 3320        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

14:48:37.0222 3320        RasAcd - ok

14:48:37.0424 3320        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

14:48:37.0502 3320        Rasl2tp - ok

14:48:37.0752 3320        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

14:48:37.0814 3320        RasPppoe - ok

14:48:38.0048 3320        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

14:48:38.0126 3320        RasSstp - ok

14:48:38.0423 3320        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

14:48:38.0501 3320        rdbss - ok

14:48:38.0672 3320        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

14:48:38.0750 3320        RDPCDD - ok

14:48:38.0922 3320        rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

14:48:39.0031 3320        rdpdr - ok

14:48:39.0218 3320        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

14:48:39.0328 3320        RDPENCDD - ok

14:48:39.0562 3320        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

14:48:39.0624 3320        RDPWD - ok

14:48:39.0842 3320        rimmptsk        (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

14:48:39.0889 3320        rimmptsk - ok

14:48:40.0014 3320        rimsptsk        (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

14:48:40.0061 3320        rimsptsk - ok

14:48:40.0201 3320        rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys

14:48:40.0232 3320        rismxdp - ok

14:48:40.0310 3320        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

14:48:40.0388 3320        rspndr - ok

14:48:40.0560 3320        RTL8023xp       (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys

14:48:40.0622 3320        RTL8023xp - ok

14:48:40.0825 3320        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

14:48:40.0856 3320        sbp2port - ok

14:48:41.0184 3320        sdbus           (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys

14:48:41.0246 3320        sdbus - ok

14:48:41.0418 3320        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

14:48:41.0558 3320        secdrv - ok

14:48:42.0011 3320        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

14:48:42.0151 3320        Serenum - ok

14:48:42.0338 3320        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

14:48:42.0463 3320        Serial - ok

14:48:42.0697 3320        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

14:48:42.0760 3320        sermouse - ok

14:48:42.0978 3320        sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

14:48:43.0103 3320        sffdisk - ok

14:48:43.0337 3320        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

14:48:43.0462 3320        sffp_mmc - ok

14:48:43.0696 3320        sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

14:48:43.0805 3320        sffp_sd - ok

14:48:43.0976 3320        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

14:48:44.0117 3320        sfloppy - ok

14:48:44.0288 3320        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

14:48:44.0320 3320        sisagp - ok

14:48:44.0382 3320        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

14:48:44.0413 3320        SiSRaid2 - ok

14:48:44.0460 3320        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

14:48:44.0476 3320        SiSRaid4 - ok

14:48:44.0554 3320        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

14:48:44.0600 3320        Smb - ok

14:48:45.0084 3320        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

14:48:45.0100 3320        spldr - ok

14:48:45.0880 3320        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

14:48:45.0942 3320        srv - ok

14:48:46.0441 3320        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

14:48:46.0519 3320        srv2 - ok

14:48:47.0081 3320        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

14:48:47.0143 3320        srvnet - ok

14:48:47.0330 3320        StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

14:48:47.0393 3320        StillCam - ok

14:48:47.0783 3320        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

14:48:47.0798 3320        swenum - ok

14:48:48.0360 3320        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

14:48:48.0376 3320        Symc8xx - ok

14:48:48.0859 3320        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

14:48:48.0875 3320        Sym_hi - ok

14:48:49.0405 3320        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

14:48:49.0421 3320        Sym_u3 - ok

14:48:49.0686 3320        SynTP           (baa29028e7db52837198465c5c53a2f0) C:\Windows\system32\DRIVERS\SynTP.sys

14:48:49.0717 3320        SynTP - ok

14:48:50.0560 3320        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

14:48:50.0684 3320        Tcpip - ok

14:48:51.0761 3320        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

14:48:51.0886 3320        Tcpip6 - ok

14:48:52.0151 3320        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

14:48:52.0198 3320        tcpipreg - ok

14:48:52.0322 3320        tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys

14:48:52.0369 3320        tdcmdpst - ok

14:48:52.0447 3320        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

14:48:52.0525 3320        TDPIPE - ok

14:48:52.0837 3320        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

14:48:52.0915 3320        TDTCP - ok

14:48:53.0586 3320        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

14:48:53.0664 3320        tdx - ok

14:48:53.0992 3320        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

14:48:54.0023 3320        TermDD - ok

14:48:54.0444 3320        tos_sps32       (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys

14:48:54.0475 3320        tos_sps32 - ok

14:48:54.0803 3320        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

14:48:54.0881 3320        tssecsrv - ok

14:48:55.0052 3320        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

14:48:55.0084 3320        tunmp - ok

14:48:55.0130 3320        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

14:48:55.0193 3320        tunnel - ok

14:48:56.0004 3320        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

14:48:56.0020 3320        uagp35 - ok

14:48:56.0332 3320        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

14:48:56.0410 3320        udfs - ok

14:48:56.0924 3320        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

14:48:56.0956 3320        uliagpkx - ok

14:48:57.0361 3320        uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

14:48:57.0392 3320        uliahci - ok

14:48:57.0673 3320        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

14:48:57.0689 3320        UlSata - ok

14:48:58.0016 3320        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

14:48:58.0048 3320        ulsata2 - ok

14:48:58.0750 3320        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

14:48:58.0812 3320        umbus - ok

14:48:59.0249 3320        USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

14:48:59.0296 3320        USBAAPL ( UnsignedFile.Multi.Generic ) - warning

14:48:59.0296 3320        USBAAPL - detected UnsignedFile.Multi.Generic (1)

14:48:59.0639 3320        usbccgp         (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys

14:48:59.0748 3320        usbccgp - ok

14:49:00.0700 3320        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

14:49:00.0871 3320        usbcir - ok

14:49:01.0168 3320        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

14:49:01.0292 3320        usbehci - ok

14:49:01.0792 3320        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

14:49:01.0870 3320        usbhub - ok

14:49:02.0260 3320        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

14:49:02.0416 3320        usbohci - ok

14:49:02.0743 3320        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

14:49:02.0821 3320        usbprint - ok

14:49:03.0742 3320        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:49:03.0820 3320        USBSTOR - ok

14:49:04.0100 3320        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

14:49:04.0163 3320        usbuhci - ok

14:49:04.0756 3320        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

14:49:04.0880 3320        vga - ok

14:49:06.0019 3320        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

14:49:06.0082 3320        VgaSave - ok

14:49:06.0378 3320        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

14:49:06.0394 3320        viaagp - ok

14:49:06.0550 3320        ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

14:49:06.0674 3320        ViaC7 - ok

14:49:07.0064 3320        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

14:49:07.0080 3320        viaide - ok

14:49:07.0595 3320        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

14:49:07.0610 3320        volmgr - ok

14:49:08.0016 3320        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

14:49:08.0063 3320        volmgrx - ok

14:49:08.0437 3320        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

14:49:08.0468 3320        volsnap - ok

14:49:09.0186 3320        vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

14:49:09.0217 3320        vsmraid - ok

14:49:10.0028 3320        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

14:49:10.0184 3320        WacomPen - ok

14:49:10.0933 3320        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:49:10.0996 3320        Wanarp - ok

14:49:11.0027 3320        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

14:49:11.0074 3320        Wanarpv6 - ok

14:49:11.0760 3320        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

14:49:11.0776 3320        Wd - ok

14:49:12.0322 3320        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

14:49:12.0415 3320        Wdf01000 - ok

14:49:13.0180 3320        WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

14:49:13.0289 3320        WmiAcpi - ok

14:49:13.0601 3320        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

14:49:13.0679 3320        WpdUsb - ok

14:49:13.0913 3320        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

14:49:13.0991 3320        ws2ifsl - ok

14:49:14.0303 3320        WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys

14:49:14.0350 3320        WSDPrintDevice - ok

14:49:14.0537 3320        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

14:49:14.0615 3320        WUDFRd - ok

14:49:14.0708 3320        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

14:49:15.0161 3320        \Device\Harddisk0\DR0 - ok

14:49:15.0208 3320        Boot (0x1200)   (9f66481563f3e13e18297b6867a6de48) \Device\Harddisk0\DR0\Partition0

14:49:15.0208 3320        \Device\Harddisk0\DR0\Partition0 - ok

14:49:15.0254 3320        Boot (0x1200)   (ed80cb87387bc837c59b31d2db9654d6) \Device\Harddisk0\DR0\Partition1

14:49:15.0254 3320        \Device\Harddisk0\DR0\Partition1 - ok

14:49:15.0254 3320        ============================================================

14:49:15.0254 3320        Scan finished

14:49:15.0254 3320        ============================================================

14:49:15.0270 3604        Detected object count: 1

14:49:15.0270 3604        Actual detected object count: 1

14:51:05.0156 3604        USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user

14:51:05.0156 3604        USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ComboFix ist durch, hier der log:
Combofix Logfile:

Code:

ComboFix 12-02-27.02 - Freddy 28.02.2012  16:25:44.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.1173 [GMT 1:00]

ausgeführt von:: c:\users\Freddy\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}

c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\chrome.manifest

c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\chrome\content\_cfg.js

c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\chrome\content\overlay.xul

c:\users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379}\install.rdf

c:\users\Freddy\AppData\Roaming\Adobe\plugs

c:\users\Freddy\AppData\Roaming\Adobe\shed

c:\users\Freddy\AppData\Roaming\Microsoft\Windows\Recent\mxfilerelatedcache.mxc2

c:\users\Freddy\Favorites\mxfilerelatedcache.mxc2

c:\users\Freddy\ia_remove.sh0688.tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-28 bis 2012-02-28  ))))))))))))))))))))))))))))))

.

.

2012-02-28 15:40 . 2012-02-28 15:41        --------        d-----w-        c:\users\Freddy\AppData\Local\temp

2012-02-28 15:40 . 2012-02-28 15:40        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-27 22:55 . 2012-02-27 22:55        --------        d-----w-        C:\_OTL

2012-02-26 17:58 . 2012-02-26 17:58        --------        d-----w-        c:\program files\ESET

2012-02-15 10:39 . 2012-01-12 19:52        2044416        ----a-w-        c:\windows\system32\win32k.sys

2012-02-15 10:39 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-15 10:39 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-22 00:12 . 2011-05-17 19:48        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-12 00:19 . 2012-01-12 00:19        4448256        ----a-w-        c:\windows\system32\GPhotos.scr

2012-01-04 00:48 . 2012-01-04 00:48        354176        ----a-w-        c:\windows\system32\DivXControlPanelApplet.cpl

2011-12-10 14:24 . 2009-03-28 01:55        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-22 09:09 . 2011-10-10 01:11        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-01-18 12:13        1811296        ----a-w-        c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Freddy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Freddy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2010-10-06 23:36        94208        ----a-w-        c:\users\Freddy\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-04-18 15146376]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-30 119608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-22 894248]

"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"NDSTray.exe"="NDSTray.exe" [BU]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-10-31 273528]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-18 939872]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-18 928096]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 38302606

*Deregistered* - 38302606

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-12 11:04]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-12 11:04]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Felder ausfüllen - file://c:\program files\DHL\DHL Bestellhelfer\fillFormContext.html

IE: Felder merken - file://c:\program files\DHL\DHL Bestellhelfer\assignContext.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe

FF - ProfilePath - c:\users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B91da1831-09e6-4d29-ac32-ad727a183e48%7D&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-05%2012%3A14%3A05&sap=ku&q=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-02-28 16:41

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Zeit der Fertigstellung: 2012-02-28  16:46:17

ComboFix-quarantined-files.txt  2012-02-28 15:46

.

Vor Suchlauf: 8.400.859.136 Bytes frei

Nach Suchlauf: 8.217.374.720 Bytes frei

.

- - End Of File - - F48FF893FE988ED4647E47766519A6AB

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Hi!

Hier sind die logs von GMER und OSAM. Beim Scan mit aswMBR.exe wurde der Bildschirm plötzlich schwarz und es ging nichts mehr, war komplett abgestürzt glaube ich. Habe ich da was falsch gemacht? Sollte ich bei dem Scan auch die Maus nicht bewegen? Wenn du weißt, woran das liegen könnte wäre es super, wenn du mir nochmal bescheid sagen könntest. Sonst versuch ich das später einfach nochmal.

GMER-log:
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-02-29 08:14:23

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03

Running: cektkvxj.exe; Driver: C:\Users\Freddy\AppData\Local\Temp\kwtdipow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xAA5137A0]

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xAA513848]

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xAA5138E4]

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xAA513980]
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                               826F4B74 4 Bytes  [A0, 37, 51, AA]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                               826F4DA4 8 Bytes  [48, 38, 51, AA, E4, 38, 51, ...] {DEC EAX; CMP [ECX-0x56], DL; IN AL, 0x38; PUSH ECX; STOSB }

.text           ntkrnlpa.exe!KeSetEvent + 681                                                                                               826F4E04 4 Bytes  [80, 39, 51, AA] {CMP BYTE [ECX], 0x51; STOSB }

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                   section is writeable [0x8894C000, 0x4036D, 0xE8000020]

.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                                                   unknown last section [0x88995000, 0x510, 0x40000040]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[1268] kernel32.dll!SetUnhandledExceptionFilter                        7631A8C5 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                      AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                     Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                     Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM-log:
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 09:16:34 on 29.02.2012
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG10\avgrsx.exe
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"hpsctrlc.cpl" - "Hewlett-Packard" - C:\Windows\system32\hpsctrlc.cpl

"TOSCDSPD.cpl" - "TOSHIBA" - C:\Windows\system32\TOSCDSPD.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys

"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx86.sys

"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx86.sys

"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx86.sys

"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys

"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys

"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSEH.Sys

"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys

"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSShim.Sys

"catchme" (catchme) - ? - C:\Users\Freddy\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{B658800C-F66E-4EF3-AB85-6C0C227862A9} "ViProtocolOLE Class" - ? - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgpp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgse.dll

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash11e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

{1ED48504-8834-11D5-AC75-0008C73FD642} "{1ED48504-8834-11D5-AC75-0008C73FD642}" - ? -   (File not found | COM-object registry key not found) / file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgssie.dll

{95B7759C-8C7F-4BF1-B163-73684A933233} "AVG Security Toolbar" - ? - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{ac38bd53-2101-4ec8-a4d7-d1e58c690e71} "{ac38bd53-2101-4ec8-a4d7-d1e58c690e71}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4

"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgtray.exe

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"NDSTray.exe" - ? - NDSTray.exe  (File not found)

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"ROC_roc_dec12" - ? - "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

"TkBellExe" - "RealNetworks, Inc." - "c:\program files\real\realplayer\Update\realsched.exe" -osboot

"topi" - "TOSHIBA" - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

"Toshiba Registration" - "Toshiba" - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

"vProt" - ? - "C:\Program Files\AVG Secure Search\vprot.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe

"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\avgwdsvc.exe

"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Updater Service" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe

"vToolbarUpdater" (vToolbarUpdater) - ? - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

Viele Grüße!

Starte aswMBR neu, stell unten links auf (none) und klick dann nochmal auf Scan

Das hat geklappt :)

Das Log:

Code:

 aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software

Run date: 2012-03-01 13:43:12

-----------------------------

13:43:12.272    OS Version: Windows 6.0.6002 Service Pack 2

13:43:12.273    Number of processors: 2 586 0xF0D

13:43:12.275    ComputerName: HOME-PC  UserName: Freddy

13:43:12.891    Initialize success

13:43:22.901    AVAST engine defs: 12030100

13:43:27.667    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

13:43:27.674    Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 3

13:43:27.705    Disk 0 MBR read successfully

13:43:27.713    Disk 0 MBR scan

13:43:27.780    Disk 0 Windows VISTA default MBR code

13:43:27.804    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         1500 MB offset 2048

13:43:27.825    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76313 MB offset 3074048

13:43:27.874    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        74812 MB offset 159363072

13:43:27.907    Disk 0 scanning sectors +312578048

13:43:28.018    Disk 0 scanning C:\Windows\system32\drivers

13:43:47.416    Service scanning

13:44:30.362    Modules scanning

13:44:40.376    Disk 0 trace - called modules:

13:44:40.414    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 

13:44:40.430    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f7dac8]

13:44:40.447    3 CLASSPNP.SYS[887178b3] -> nt!IofCallDriver -> [0x85409020]

13:44:40.464    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8541a030]

13:44:40.482    Scan finished successfully

14:18:15.866    Disk 0 MBR has been saved successfully to "C:\Users\Freddy\Desktop\MBR.dat"

14:18:15.883    The log file has been saved successfully to "C:\Users\Freddy\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hallo!

Jetzt ist beides durchgelaufen:

Malwarebytes:

Code:

 Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.01.04
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Freddy :: HOME-PC [Administrator]
 

01.03.2012 20:04:11

mbam-log-2012-03-01 (20-04-11).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 346526

Laufzeit: 2 Stunde(n), 28 Minute(n), 2 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Und SuperAntiSpyware:

Code:

 SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 03/02/2012 at 01:27 PM
 

Application Version : 5.0.1144
 

Core Rules Database Version : 8297

Trace Rules Database Version: 6109
 

Scan type       : Complete Scan

Total Scan Time : 02:50:17
 

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Administrator
 

Memory items scanned      : 710

Memory threats detected   : 0

Registry items scanned    : 33975

Registry threats detected : 0

File items scanned        : 166081

File threats detected     : 258
 

Rogue.Internet Antivirus

        C:\Program Files\IA
 

Adware.Tracking Cookie

        C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Cookies\5FNQM5R0.txt [ /atdmt.com ]

        C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Cookies\BWYW05P9.txt [ /c.atdmt.com ]

        C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Cookies\S4FE7PIH.txt [ /doubleclick.net ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FWP8BSWK.txt [ Cookie:freddy@invitemedia.com/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\PII5NN6J.txt [ Cookie:freddy@ad.yieldmanager.com/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\XPLK4YWB.txt [ Cookie:freddy@atdmt.com/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\83481DFI.txt [ Cookie:freddy@smartadserver.com/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\1RH4Y1IC.txt [ Cookie:freddy@bs.serving-sys.com/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\SWG6MNUY.txt [ Cookie:freddy@imrworldwide.com/cgi-bin ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\FEXD5N84.txt [ Cookie:freddy@avgtechnologies.112.2o7.net/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\SJEXEGND.txt [ Cookie:freddy@c.atdmt.com/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GZY69WRD.txt [ Cookie:freddy@adx.chip.de/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\GYF9T7ER.txt [ Cookie:freddy@revsci.net/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\F01WM49N.txt [ Cookie:freddy@adfarm1.adition.com/ ]

        C:\USERS\FREDDY\AppData\Roaming\Microsoft\Windows\Cookies\Low\VPMI9Q59.txt [ Cookie:freddy@doubleclick.net/ ]

        C:\USERS\FREDDY\Cookies\5FNQM5R0.txt [ Cookie:freddy@atdmt.com/ ]

        C:\USERS\FREDDY\Cookies\BWYW05P9.txt [ Cookie:freddy@c.atdmt.com/ ]

        C:\USERS\FREDDY\Cookies\S4FE7PIH.txt [ Cookie:freddy@doubleclick.net/ ]

        delivery.ibanner.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KBG75CTX ]

        secure-uk.imrworldwide.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\KBG75CTX ]

        .adtech.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        livestat.derstandard.at [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .specificclick.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adviva.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.elitepvpers.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.elitepvpers.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.elitepvpers.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .elitepvpers.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .elitepvpers.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .elitepvpers.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .elitepvpers.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .2o7.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adxpose.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        zbox.zanox.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adxvalue.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .yieldmanager.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .hightraffic.hugoboss.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .ad.adnet.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        tracking.klicktel.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        tracking.klicktel.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .kontera.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tribalfusion.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .amazon-adsystem.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .amazon-adsystem.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .media6degrees.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.solocpm.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.solocpm.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.solocpm.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.solocpm.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.solocpm.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.solocpm.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.solocpm.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .bs.serving-sys.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .bs.serving-sys.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        fr.sitestat.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        fr.sitestat.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        adserver.yopi.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        track.adform.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adform.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.zanox-affiliate.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .zanox-affiliate.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .dyntracker.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad4.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ww251.smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.multimediaxis.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.multimediaxis.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .multimediaxis.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .multimediaxis.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .multimediaxis.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        www.etracker.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad1.emediate.dk [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad1.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .revsci.net [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\FREDDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GROHFMRS.DEFAULT\COOKIES.SQLITE ]
 

Trojan.Agent/Gen-Malintent

        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Der

Code:

 Rogue.Internet Antivirus

        C:\Program Files\IA

und der

Code:

 Trojan.Agent/Gen-Malintent

        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

von SuperAntiSpyware sind also auch unkritisch?

Soweit ich das überblicken kann läuft alles wieder normal, AVG ist jetzt auch nochmal ohne Fund durchgelaufen.

Vielen vielen Dank für die geduldige Beratung und deine ganze Mühe! Euer Forum ist wirklich eine große Hilfe! :daumenhoc

Das 1. war nur ein Überrest das 2. ist von WinRAR und somit ein Fehalarm