Trojaner-Board


BlegJakun 06.08.2012 10:08

Live Security Platinum virus - really removed?
 
Hello dear forum community!

It's really great that there are people like you who give up their time to help inexperienced users!

I now have a problem too. A few days ago (infection exactly 30.07.12, 21:40) I caught the Live Security Platinum virus. Following the recommendation from Chip.de (hxxp://www.chip.de/news/Live-Security-Platinum-Virus-entfernen-So-klappt-s_56857805.html), I then created a USB stick with SARDU and booted from it. After that I must have run 8 antivirus scans. With many of the programs, however, I could not get an Internet connection. With the program "Kaspersky" it then worked, and it also found some infected files. I had the program delete these. However, the scan only ever ran to about 20%. Other scans, by contrast, ran all the way through and also sporadically found a file, which I then likewise had repaired or deleted (depending on what the program recommended).

After many scans I then started the computer normally again. The virus was apparently gone. However, booting took a tiny bit longer (with Windows 7 there are four small glowing balls at the start that form the Windows logo. This is still taking too long at the moment.)

I then also ran Malwarebytes (1 find), SUPERAntiSpyware (75 finds) and the Avira AntivirScan (1 find) in normal mode and disinfected or deleted the finds depending on the program's recommendation.

But I still don't really trust my system.

It would be really nice if someone could take a look over the log data!

Here is the OTL.txt file:

Code:

OTL logfile created on: 06.08.2012 10:01:27 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Anne\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 66,74% Memory free
5,73 Gb Paging File | 4,67 Gb Available in Paging File | 81,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 30,99 Gb Free Space | 11,61% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,26 Gb Free Space | 67,54% Space Free | Partition Type: NTFS
 
Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.06 10:00:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.12.07 20:19:08 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2010.04.06 17:58:46 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - [2012.07.01 10:58:22 | 000,860,928 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2012.07.01 10:58:21 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.07.01 10:58:21 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.07.01 10:58:21 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.26 12:42:28 | 000,191,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudio.sys -- (paeusbaudio)
DRV - [2011.08.26 12:42:28 | 000,063,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudiodsp.sys -- (paeusbaudiodsp)
DRV - [2011.08.26 12:42:28 | 000,042,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudioks.sys -- (paeusbaudioks)
DRV - [2010.12.07 20:19:00 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010.07.29 17:47:40 | 000,094,624 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCA2000.SYS -- (BCA2000)
DRV - [2010.07.29 17:47:40 | 000,027,328 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCA2000WDM.SYS -- (BCA2000WDM)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.17 16:01:52 | 000,019,712 | ---- | M] (Clavia DMI AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ClaviaUSB.sys -- (CLAVIAUSB)
DRV - [2010.03.24 17:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.03.04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.02.10 15:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.02.04 13:54:32 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2010.02.03 05:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.01.19 18:55:06 | 000,996,896 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2004.07.26 07:28:12 | 000,020,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\bca2000ldr.sys -- (NULOAD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0CF0D63E-77C0-4257-B156-31AA753A0435}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.29 18:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 11:10:34 | 000,000,000 | ---D | M]
 
[2010.07.01 09:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Extensions
[2012.05.02 08:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\xmw4219a.default\extensions
[2012.04.06 11:28:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\xmw4219a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.04 18:29:57 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-1.xml
[2010.10.24 18:26:16 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-2.xml
[2010.10.28 17:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-3.xml
[2010.12.11 15:48:08 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-4.xml
[2010.10.13 22:47:45 | 000,001,056 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin.xml
[2012.04.13 11:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.13 11:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.29 18:28:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.13 11:18:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKCU..\Run: [AudioBox VSL]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CE461E9-3F24-4351-85F3-DE5D1EF8596C}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A89514-5EF6-41AB-885C-0EBA09EE6156}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 10:00:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
[2012.08.05 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Downloaded Installations
[2012.08.04 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2012.08.04 18:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.04 18:31:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.04 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.04 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.01 15:04:41 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.30 21:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7
[2012.07.24 12:42:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\Neuer Ordner
[2012.07.09 13:13:28 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Avira
[2012.07.09 13:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.09 13:01:47 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.07.09 13:01:46 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.07.09 13:01:46 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.07.09 13:01:46 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.07.09 13:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.09 13:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 10:02:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 10:02:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 10:00:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
[2012.08.06 09:59:27 | 000,000,000 | ---- | M] () -- C:\Users\Anne\defogger_reenable
[2012.08.06 09:55:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 09:55:06 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 18:31:22 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 20:30:51 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.30 20:30:51 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.30 20:30:51 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.30 20:30:51 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 15:07:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.21 13:34:27 | 321,115,714 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.12 21:48:37 | 000,425,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.06 09:59:27 | 000,000,000 | ---- | C] () -- C:\Users\Anne\defogger_reenable
[2012.08.04 18:31:22 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.09 12:10:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012.05.31 11:38:26 | 000,004,468 | ---- | C] () -- C:\Users\Anne\öojölk.aup
[2012.05.09 19:49:18 | 000,000,892 | ---- | C] () -- C:\Users\Anne\.recently-used.xbel
[2012.04.17 15:34:14 | 000,007,607 | ---- | C] () -- C:\Users\Anne\AppData\Local\Resmon.ResmonCfg
[2012.04.13 18:42:55 | 000,191,312 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudio.sys
[2012.04.13 18:42:55 | 000,063,824 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudiodsp.sys
[2012.04.13 18:42:55 | 000,042,320 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudioks.sys
[2012.01.30 21:51:17 | 000,013,495 | ---- | C] () -- C:\Users\Anne\Unbenannt 1.odt
[2012.01.12 11:15:18 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.11 12:11:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
[2012.01.11 12:11:18 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
[2012.01.02 17:22:04 | 000,000,674 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\SMRResults210.dat
[2011.03.17 20:58:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.08 17:16:52 | 000,079,519 | ---- | C] () -- C:\Users\Anne\ESt2010_Richter_Anne.elfo
[2010.12.21 10:32:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.11.02 15:35:29 | 000,011,776 | ---- | C] () -- C:\Users\Anne\lied.wps
[2010.09.24 08:38:14 | 000,004,114 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\wklnhst.dat
[2010.09.02 10:27:54 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== LOP Check ==========
 
[2011.04.24 14:24:34 | 000,000,000 | -HSD | M] -- C:\Users\Anne\AppData\Roaming\.#
[2010.09.02 09:40:23 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Ableton
[2012.07.13 02:01:51 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.04.20 10:17:40 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012.01.27 12:51:47 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Canon
[2010.09.02 10:25:34 | 000,000,00a 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PreSonus
[2010.10.07 09:15:06 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Telefónica
[2010.10.23 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Template
[2012.05.26 13:51:39 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1131 bytes -> C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa:UZx3r6cEDs006sVzXVnEuQwp3l

< End of report >

Now the Extras.txt (somehow I couldn't manage to zip the files):

Code:

OTL Extras logfile created on: 06.08.2012 10:01:27 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Anne\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 66,74% Memory free
5,73 Gb Paging File | 4,67 Gb Available in Paging File | 81,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 30,99 Gb Free Space | 11,61% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,26 Gb Free Space | 67,54% Space Free | Partition Type: NTFS
 
Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2991DD80-25AE-471E-9981-D572CA0887EE}" = Flux_StereoTool
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1" = AudioBox VSL version 1.0
"{5776E400-655A-44E0-B67C-A236E498AB26}" = Flux_BitterSweetII
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96472D82-0239-11E0-9776-199EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x86)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58DEDD0-9C32-43AB-9FCF-1B8CFB9ABA67}" = Max 5.1.4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Arturia.Minimoog.V.v1.5-DAC" = Arturia.Minimoog.V.v1.5-DAC
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Audacity_is1" = Audacity 1.2.6
"AURC_is1" = Audacity Recovery Utility
"Avira AntiVir Desktop" = Avira Free Antivirus
"Clavia USB Driver v3.00" = Clavia USB Driver v3.00
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Finale NotePad 2012" = Finale NotePad 2012
"Grewe Scanner-Interface_is1" = Grewe Scanner-Interface 3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hydrogen" = Hydrogen
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Live 8.1.1" = Live 8.1.1
"M30 Reverb" = M30 Reverb
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"minimoogv2_5_is1" = minimoog-v Original 2.5.3
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Nord Sample Editor" = Nord Sample Editor v2.00
"Nord Sound Manager" = Nord Sound Manager v5.00
"Nord Sound Manager v5.30" = Nord Sound Manager v5.30
"PreSonus FaderPort_is1" = PreSonus FaderPort
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"W735EQ" = W735EQ
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.07.2012 06:45:57 | Computer Name = Anne-PC | Source = RasClient | ID = 20227
Description =
 
Error - 12.07.2012 11:32:03 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 14.07.2012 12:36:15 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 15.07.2012 14:11:54 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 20.07.2012 17:19:38 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 23.07.2012 09:55:48 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 25.07.2012 09:57:28 | Computer Name = Anne-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 30.07.2012 09:10:40 | Computer Name = Anne-PC | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.5.8.2975 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10b8    Startzeit:
 01cd6e547eb4c13c    Endzeit: 0    Anwendungspfad: C:\Program Files\Winamp\winamp.exe    Berichts-ID:
 f2ea32c4-da47-11e1-9e7f-00262dbf99ae 
 
Error - 31.07.2012 12:33:13 | Computer Name = Anne-PC | Source = VSS | ID = 8194
Description =
 
Error - 04.08.2012 12:31:06 | Computer Name = Anne-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 12.3.0.15,
Zeitstempel: 0x4fa05b53  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c33bb  ID des fehlerhaften
 Prozesses: 0x7a8  Startzeit der fehlerhaften Anwendung: 0x01cd725dff66db92  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Avira\AntiVir Desktop\avguard.exe  Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c9c9d4f2-de51-11e1-887e-00262dbf99ae
 
[ Media Center Events ]
Error - 22.07.2012 06:01:04 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 12:01:04 - Fehler beim Herstellen der Internetverbindung.  12:01:04
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.07.2012 06:01:23 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 12:01:10 - Fehler beim Herstellen der Internetverbindung.  12:01:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.07.2012 07:01:27 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 13:01:27 - Fehler beim Herstellen der Internetverbindung.  13:01:27
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.07.2012 07:01:37 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 13:01:32 - Fehler beim Herstellen der Internetverbindung.  13:01:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.07.2012 08:38:18 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 14:38:17 - Fehler beim Herstellen der Internetverbindung.  14:38:18
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 22.07.2012 08:39:21 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 14:38:23 - Fehler beim Herstellen der Internetverbindung.  14:38:23
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.08.2012 12:40:28 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 18:40:27 - Fehler beim Herstellen der Internetverbindung.  18:40:28
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.08.2012 13:01:14 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 18:40:42 - Fehler beim Herstellen der Internetverbindung.  18:40:42
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.08.2012 14:05:16 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 20:05:10 - Fehler beim Herstellen der Internetverbindung.  20:05:11
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 04.08.2012 15:05:34 | Computer Name = Anne-PC | Source = MCUpdate | ID = 0
Description = 21:05:30 - Fehler beim Herstellen der Internetverbindung.  21:05:30
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 05.08.2012 05:48:23 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 05.08.2012 05:48:23 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 05.08.2012 06:09:12 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 05.08.2012 06:09:12 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
Error - 06.08.2012 03:55:17 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Behringer BCA2000 Bootloader" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1058
 
Error - 06.08.2012 03:55:19 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 06.08.2012 03:55:19 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 06.08.2012 03:55:19 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 06.08.2012 03:55:52 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
Error - 06.08.2012 03:55:52 | Computer Name = Anne-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
 
< End of report >

And now Gmer.txt:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-06 10:52:41
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: eyr9upv6.exe; Driver: C:\Users\Anne\AppData\Local\Temp\pwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT            9166893E                                  ZwCreateSection
SSDT            91668948                                  ZwRequestWaitReplyPort
SSDT            91668943                                  ZwSetContextThread
SSDT            9166894D                                  ZwSetSecurityObject
SSDT            91668952                                  ZwSystemDebugControl
SSDT            916688DF                                  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackTransaction + 13E9  83259599 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2    8327E092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 340        83285990 4 Bytes  [3E, 89, 66, 91] {MOV DS:[ESI-0x6f], ESP}
.text          ntkrnlpa.exe!RtlSidHashLookup + 69C        83285CEC 4 Bytes  [48, 89, 66, 91] {DEC EAX; MOV [ESI-0x6f], ESP}
.text          ntkrnlpa.exe!RtlSidHashLookup + 6E0        83285D30 4 Bytes  [43, 89, 66, 91] {INC EBX; MOV [ESI-0x6f], ESP}
.text          ntkrnlpa.exe!RtlSidHashLookup + 75C        83285DAC 4 Bytes  [4D, 89, 66, 91] {DEC EBP; MOV [ESI-0x6f], ESP}
.text          ntkrnlpa.exe!RtlSidHashLookup + 7B0        83285E00 4 Bytes  [52, 89, 66, 91] {PUSH EDX; MOV [ESI-0x6f], ESP}
.text          ...                                       
PAGE            peauth.sys                                AD60DB9B 72 Bytes  [8E, 99, 59, E8, 25, 7E, A4, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000049          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Many thanks in advance :)

cosinus 09.08.2012 12:23

Quote:

I then also ran Malwarebytes (1 detection), SUPERAntiSpyware (75 detections) and the Avira AntiVir scan (1 detection) in normal mode and had the detections disinfected or deleted, depending on what the program recommended.
Fine, and where are the logs for that? :confused:

Statements like that are not enough; please post the complete details/logs from the virus scanners.

Please post everything here in CODE tags if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

BlegJakun 09.08.2012 13:42

Hello Arne,

thank you very much for your reply!

The log from Avira:

Code:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 5. August 2012  10:23

Es wird nach 4059199 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (plain)  [6.1.7600]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : ANNE-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  01.05.2012 22:48:48
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  02.05.2012 00:02:50
LUKE.DLL      : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL      : 12.3.0.17    232200 Bytes  09.07.2012 11:03:05
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 11:03:01
VBASE006.VDF  : 7.11.34.117    2048 Bytes  29.06.2012 11:03:01
VBASE007.VDF  : 7.11.34.118    2048 Bytes  29.06.2012 11:03:01
VBASE008.VDF  : 7.11.34.119    2048 Bytes  29.06.2012 11:03:01
VBASE009.VDF  : 7.11.34.120    2048 Bytes  29.06.2012 11:03:01
VBASE010.VDF  : 7.11.34.121    2048 Bytes  29.06.2012 11:03:02
VBASE011.VDF  : 7.11.34.122    2048 Bytes  29.06.2012 11:03:02
VBASE012.VDF  : 7.11.34.123    2048 Bytes  29.06.2012 11:03:02
VBASE013.VDF  : 7.11.34.124    2048 Bytes  29.06.2012 11:03:02
VBASE014.VDF  : 7.11.38.18  2554880 Bytes  30.07.2012 16:30:46
VBASE015.VDF  : 7.11.38.70    556032 Bytes  31.07.2012 16:30:46
VBASE016.VDF  : 7.11.38.143  171008 Bytes  02.08.2012 16:30:46
VBASE017.VDF  : 7.11.38.144    2048 Bytes  02.08.2012 16:30:46
VBASE018.VDF  : 7.11.38.145    2048 Bytes  02.08.2012 16:30:46
VBASE019.VDF  : 7.11.38.146    2048 Bytes  02.08.2012 16:30:46
VBASE020.VDF  : 7.11.38.147    2048 Bytes  02.08.2012 16:30:47
VBASE021.VDF  : 7.11.38.148    2048 Bytes  02.08.2012 16:30:47
VBASE022.VDF  : 7.11.38.149    2048 Bytes  02.08.2012 16:30:47
VBASE023.VDF  : 7.11.38.150    2048 Bytes  02.08.2012 16:30:47
VBASE024.VDF  : 7.11.38.151    2048 Bytes  02.08.2012 16:30:47
VBASE025.VDF  : 7.11.38.152    2048 Bytes  02.08.2012 16:30:47
VBASE026.VDF  : 7.11.38.153    2048 Bytes  02.08.2012 16:30:47
VBASE027.VDF  : 7.11.38.154    2048 Bytes  02.08.2012 16:30:47
VBASE028.VDF  : 7.11.38.155    2048 Bytes  02.08.2012 16:30:47
VBASE029.VDF  : 7.11.38.156    2048 Bytes  02.08.2012 16:30:47
VBASE030.VDF  : 7.11.38.157    2048 Bytes  02.08.2012 16:30:47
VBASE031.VDF  : 7.11.38.202  119808 Bytes  04.08.2012 16:30:47
Engineversion  : 8.2.10.126
AEVDF.DLL      : 8.1.2.10      102772 Bytes  22.07.2012 11:31:06
AESCRIPT.DLL  : 8.1.4.38      455033 Bytes  04.08.2012 16:30:49
AESCN.DLL      : 8.1.8.2      131444 Bytes  16.02.2012 16:11:36
AESBX.DLL      : 8.2.5.12      606578 Bytes  09.07.2012 11:03:05
AERDL.DLL      : 8.1.9.15      639348 Bytes  20.01.2012 23:21:32
AEPACK.DLL    : 8.3.0.18      807287 Bytes  30.07.2012 13:13:09
AEOFFICE.DLL  : 8.1.2.42      201083 Bytes  22.07.2012 11:31:05
AEHEUR.DLL    : 8.1.4.84    5112182 Bytes  04.08.2012 16:30:49
AEHELP.DLL    : 8.1.23.2      258422 Bytes  09.07.2012 11:03:03
AEGEN.DLL      : 8.1.5.34      434548 Bytes  22.07.2012 11:31:04
AEEXP.DLL      : 8.1.0.74      86387 Bytes  04.08.2012 16:30:49
AEEMU.DLL      : 8.1.3.2      393587 Bytes  22.07.2012 11:31:04
AECORE.DLL    : 8.1.27.2      201078 Bytes  22.07.2012 11:31:03
AEBB.DLL      : 8.1.1.0        53618 Bytes  20.01.2012 23:21:28
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL    : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL      : 12.3.0.15    179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL    : 12.3.0.15    211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  01.05.2012 22:51:35
NETNT.DLL      : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  02.05.2012 00:03:51
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 5. August 2012  10:23

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'msiexec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'WisLMSvc.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'x10nets.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'FABS.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALDITALKVerbindungsassistent_Service.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALDITALKVerbindungsassistent_Launcher.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'M-AudioTaskBarIcon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'WButton.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'OSD.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'HotkeyApp.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVBg.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('20' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files\Hydrogen\uninstall.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '2382' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <BOOT>
C:\Program Files\Hydrogen\uninstall.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSILZ58X\content_max[1].zip
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\Anne\Downloads\avira_free_antivirus_de.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\Anne\Downloads\alte downloads\connection-manager-win-update8.6.exe.part
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\Anne\Downloads\alte downloads\setup_audacity_recovery.exe
  [WARNUNG]  Die Version dieses Archives wird nicht unterstützt
C:\Windows\SoftwareDistribution\Download\d455622342e0f99dee2137e0aae4505c\BITCACB.tmp
  [WARNUNG]  Die komprimierten Daten sind fehlerhaft
C:\Windows\System32\services.exe.AOSS
  [FUND]      Enthält Code des Windows-Virus W32/Patched.UB
Beginne mit der Suche in 'D:\' <Recover>
D:\DRIVER\04. Audio\Realtek_6.0.1.6083\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe
  [WARNUNG]  Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
D:\TOOLS\Corel Draw Essentials4\AutoPlay\autorun.cdd
  [WARNUNG]  Die Datei ist kennwortgeschützt

Beginne mit der Desinfektion:
C:\Windows\System32\services.exe.AOSS
  [FUND]      Enthält Code des Windows-Virus W32/Patched.UB
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 55a9e278.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde repariert.


Ende des Suchlaufs: Sonntag, 5. August 2012  11:43
Benötigte Zeit:  1:19:22 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  28363 Verzeichnisse wurden überprüft
 753283 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      1 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 753282 Dateien ohne Befall
  5170 Archive wurden durchsucht
      9 Warnungen
      1 Hinweise
 591720 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: ANNE-PC [Administrator]

04.08.2012 18:32:10
mbam-log-2012-08-04 (18-32-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402965
Laufzeit: 1 Stunde(n), 46 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n.AOSS.AOSS (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Unfortunately I no longer have the SUPERAntiSpyware log, because I deleted the program as recommended here -> http://www.trojaner-board.de/51871-a...tispyware.html. I just downloaded the program again and checked whether I could find the log that way, but that did not work. Would you like me to run another scan?

Kind regards,

Tim

cosinus 10.08.2012 13:00

Please first run a new full scan with Malwarebytes as a matter of routine and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





If at all possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

BlegJakun 11.08.2012 13:19

Hello Arne,

here are the logs:

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.10.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: ANNE-PC [Administrator]

10.08.2012 15:28:18
mbam-log-2012-08-10 (15-28-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 408709
Laufzeit: 2 Stunde(n), 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b6e7a1433bd8014d90bac52dd641e3e0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 12:18:23
# local_time=2012-08-11 02:18:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 2849681 2849681 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 433805 96312573 0 0
# compatibility_mode=8192 67108863 100 0 98 98 0 0
# scanned=224002
# found=1
# cleaned=0
# scan_time=6121
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\4cd35dd-63109e86.AOSS.AOSS        Java/Exploit.CVE-2012-1723.AB trojan (unable to clean)        00000000000000000000000000000000        I

Kind regards,

Tim

cosinus 11.08.2012 18:19

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are also listed in the Logs tab. Please post all that are visible there.

BlegJakun 11.08.2012 19:59

Yes, I have. I already posted the log further up; I am putting it here again:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: ANNE-PC [Administrator]

04.08.2012 18:32:10
mbam-log-2012-08-04 (18-32-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402965
Laufzeit: 1 Stunde(n), 46 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n.AOSS.AOSS (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Kind regards,

Tim :)

cosinus 11.08.2012 21:06

I just thought you might have other ones; since you had already posted this one, you would not have needed to do it again.

adwCleaner - Find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents with your next reply.
  • You will also find the log file at C:\AdwCleaner[R1].txt.

BlegJakun 11.08.2012 21:23

Okay, the scan just took only a few seconds; I hope everything is correct:

Code:

# AdwCleaner v1.800 - Logfile created 08/11/2012 at 22:24:25
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Anne - ANNE-PC
# Running from : C:\Users\Anne\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [778 octets] - [11/08/2012 22:24:25]

########## EOF - C:\AdwCleaner[R1].txt - [905 octets] ##########


cosinus 11.08.2012 21:54

adwCleaner - Remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You will also find the log file at C:\AdwCleaner[S1].txt.

BlegJakun 11.08.2012 22:07

Here is the file: :dankeschoen:

Code:

# AdwCleaner v1.800 - Logfile created 08/11/2012 at 23:06:32
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Anne - ANNE-PC
# Running from : C:\Users\Anne\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [905 octets] - [11/08/2012 22:24:25]
AdwCleaner[R2].txt - [964 octets] - [11/08/2012 22:27:02]
AdwCleaner[R3].txt - [1024 octets] - [11/08/2012 22:27:07]
AdwCleaner[S1].txt - [960 octets] - [11/08/2012 23:06:32]

########## EOF - C:\AdwCleaner[S1].txt - [1087 octets] ##########


cosinus 11.08.2012 22:26

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

BlegJakun 11.08.2012 22:37

Re 1: Normal mode shows nothing unusual. Everything is as it was before the infection. Only the computer's startup takes, in my opinion, a little longer than before.

Re 2: In the Start menu everything is also as usual; there are no empty folders under "All Programs".

Kind regards,

Tim

cosinus 12.08.2012 13:13

Please create a new OTL log. If at all possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


BlegJakun 12.08.2012 21:39

Here is the log :)

Code:

OTL logfile created on: 12.08.2012 21:52:32 - Run 2
OTL by OldTimer - Version 3.2.57.0    Folder = C:\Users\Anne\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 66,27% Memory free
5,73 Gb Paging File | 4,52 Gb Available in Paging File | 78,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 12,87 Gb Free Space | 4,82% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 20,26 Gb Free Space | 67,54% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: ANNE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 21:50:49 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Downloads\OTL.exe
PRC - [2012.08.09 10:28:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.10 01:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
PRC - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.12.07 20:19:08 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.04.06 17:58:46 | 000,694,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.12 21:49:53 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.08.12 21:49:53 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.08.09 14:39:22 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.08.09 14:39:22 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.09.13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.06 12:36:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.06 11:29:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.13 10:16:04 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.10 08:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.10 08:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.07 03:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - [2012.07.01 10:58:22 | 000,860,928 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2012.07.01 10:58:21 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2012.07.01 10:58:21 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012.07.01 10:58:21 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.26 12:42:28 | 000,191,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudio.sys -- (paeusbaudio)
DRV - [2011.08.26 12:42:28 | 000,063,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudiodsp.sys -- (paeusbaudiodsp)
DRV - [2011.08.26 12:42:28 | 000,042,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\paeusbaudioks.sys -- (paeusbaudioks)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.12.07 20:19:00 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.29 17:47:40 | 000,094,624 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCA2000.SYS -- (BCA2000)
DRV - [2010.07.29 17:47:40 | 000,027,328 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCA2000WDM.SYS -- (BCA2000WDM)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.17 16:01:52 | 000,019,712 | ---- | M] (Clavia DMI AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ClaviaUSB.sys -- (CLAVIAUSB)
DRV - [2010.03.24 17:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.03.04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.02.10 15:01:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.02.04 13:54:32 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2010.02.03 05:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.01.19 18:55:06 | 000,996,896 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009.09.18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2004.07.26 07:28:12 | 000,020,864 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\bca2000ldr.sys -- (NULOAD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes\{0CF0D63E-77C0-4257-B156-31AA753A0435}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.06 11:29:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.06 11:36:43 | 000,000,000 | ---D | M]
 
[2010.07.01 09:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Extensions
[2012.05.02 08:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\xmw4219a.default\extensions
[2012.04.06 11:28:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Anne\AppData\Roaming\mozilla\Firefox\Profiles\xmw4219a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.12 00:13:27 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-1.xml
[2010.10.24 18:26:16 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-2.xml
[2010.10.28 17:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-3.xml
[2010.12.11 15:48:08 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-4.xml
[2010.10.13 22:47:45 | 000,001,056 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin.xml
[2012.08.06 11:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.06 11:29:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.13 11:18:45 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.29 06:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.06 11:29:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.06 11:29:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.06 11:29:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.06 11:29:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.06 11:29:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.06 11:29:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000..\Run: [AudioBox VSL]  File not found
O4 - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CE461E9-3F24-4351-85F3-DE5D1EF8596C}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A89514-5EF6-41AB-885C-0EBA09EE6156}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BCA2000 - hkey= - key= -  File not found
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend -  File not found
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend -  File not found
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux8 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux9 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.11 12:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.11 12:34:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Anne\Desktop\esetsmartinstaller_enu.exe
[2012.08.09 14:39:02 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\SUPERAntiSpyware.com
[2012.08.09 14:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.08.09 14:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.08.09 14:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.08.09 11:23:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.08.09 11:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.08.09 11:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.08.06 11:52:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.08.06 11:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.08.06 11:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.06 11:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.06 11:34:11 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.06 11:31:01 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Macromedia
[2012.08.06 11:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.06 11:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.06 11:00:05 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\Logfiles.zip
[2012.08.06 10:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.08.06 10:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.08.06 10:00:12 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
[2012.08.05 10:18:43 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Downloaded Installations
[2012.08.04 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2012.08.04 18:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.04 18:31:11 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.04 18:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.04 18:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.01 15:04:41 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.07.30 21:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7
[2012.07.24 12:42:10 | 000,000,000 | ---D | C] -- C:\Users\Anne\Desktop\Neuer Ordner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 21:57:03 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 21:57:03 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 21:54:12 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.12 21:54:12 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.12 21:54:12 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.12 21:54:12 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.12 21:49:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 21:49:30 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.12 17:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.12 13:47:22 | 000,021,793 | ---- | M] () -- C:\Users\Anne\Desktop\Frank und Inga.odt
[2012.08.11 22:23:42 | 000,614,903 | ---- | M] () -- C:\Users\Anne\Desktop\adwcleaner.exe
[2012.08.11 12:34:06 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Anne\Desktop\esetsmartinstaller_enu.exe
[2012.08.10 17:32:14 | 000,014,488 | ---- | M] () -- C:\Users\Anne\Desktop\Malewarebytes Log 10.08.odt
[2012.08.09 14:38:40 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.08.06 12:09:40 | 000,425,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.06 11:36:43 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.06 10:12:36 | 000,302,592 | ---- | M] () -- C:\Users\Anne\Desktop\eyr9upv6.exe
[2012.08.06 10:00:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
[2012.08.06 09:59:27 | 000,000,000 | ---- | M] () -- C:\Users\Anne\defogger_reenable
[2012.08.04 18:31:22 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.30 15:07:42 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.07.21 13:34:27 | 321,115,714 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.12 13:29:12 | 000,021,793 | ---- | C] () -- C:\Users\Anne\Desktop\Frank und Inga.odt
[2012.08.11 22:23:41 | 000,614,903 | ---- | C] () -- C:\Users\Anne\Desktop\adwcleaner.exe
[2012.08.10 17:32:11 | 000,014,488 | ---- | C] () -- C:\Users\Anne\Desktop\Malewarebytes Log 10.08.odt
[2012.08.09 14:38:40 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.08.06 11:36:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.06 11:36:43 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.06 11:30:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.06 10:12:36 | 000,302,592 | ---- | C] () -- C:\Users\Anne\Desktop\eyr9upv6.exe
[2012.08.06 09:59:27 | 000,000,000 | ---- | C] () -- C:\Users\Anne\defogger_reenable
[2012.08.04 18:31:22 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.31 11:38:26 | 000,004,468 | ---- | C] () -- C:\Users\Anne\öojölk.aup
[2012.05.09 19:49:18 | 000,000,892 | ---- | C] () -- C:\Users\Anne\.recently-used.xbel
[2012.04.17 15:34:14 | 000,007,607 | ---- | C] () -- C:\Users\Anne\AppData\Local\Resmon.ResmonCfg
[2012.04.13 18:42:55 | 000,191,312 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudio.sys
[2012.04.13 18:42:55 | 000,063,824 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudiodsp.sys
[2012.04.13 18:42:55 | 000,042,320 | ---- | C] () -- C:\Windows\System32\drivers\paeusbaudioks.sys
[2012.01.30 21:51:17 | 000,013,495 | ---- | C] () -- C:\Users\Anne\Unbenannt 1.odt
[2012.01.12 11:15:18 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.11 12:11:18 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
[2012.01.11 12:11:18 | 000,002,048 | -HS- | C] () -- C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
[2012.01.02 17:22:04 | 000,000,674 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\SMRResults210.dat
[2011.03.17 20:58:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.08 17:16:52 | 000,079,519 | ---- | C] () -- C:\Users\Anne\ESt2010_Richter_Anne.elfo
[2010.12.21 10:32:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.11.02 15:35:29 | 000,011,776 | ---- | C] () -- C:\Users\Anne\lied.wps
[2010.09.24 08:38:14 | 000,004,114 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\wklnhst.dat
[2010.09.02 10:27:54 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2010.08.25 20:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.08.25 20:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== LOP Check ==========
 
[2011.04.24 14:24:34 | 000,000,000 | -HSD | M] -- C:\Users\Anne\AppData\Roaming\.#
[2010.09.02 09:40:23 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Ableton
[2012.07.13 02:01:51 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.04.20 10:17:40 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012.01.27 12:51:47 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Canon
[2010.09.02 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Cycling '74
[2011.02.08 16:58:24 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\elsterformular
[2012.04.25 14:03:18 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Flux
[2011.08.05 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ICQ
[2010.10.26 14:03:19 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\MAGIX
[2012.02.28 15:00:41 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\MakeMusic
[2011.10.03 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\OpenOffice.org
[2010.09.02 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PACE Anti-Piracy
[2012.04.13 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PreSonus
[2010.10.07 09:15:06 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Telefónica
[2010.10.23 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Template
[2012.08.07 20:29:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.24 14:24:34 | 000,000,000 | -HSD | M] -- C:\Users\Anne\AppData\Roaming\.#
[2010.09.02 09:40:23 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Ableton
[2010.07.06 12:48:08 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Adobe
[2012.07.13 02:01:51 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDITALKVerbindungsassistent
[2011.04.20 10:17:40 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ALDI_SUED_Mah_Jong
[2012.03.21 16:00:42 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Apple Computer
[2012.07.09 13:13:28 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Avira
[2012.01.27 12:51:47 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Canon
[2010.12.21 10:32:19 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Corel
[2011.04.06 17:35:34 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\CyberLink
[2010.09.02 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Cycling '74
[2012.04.23 23:39:12 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\dvdcss
[2011.02.08 16:58:24 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\elsterformular
[2012.04.25 14:03:18 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Flux
[2011.08.05 09:43:17 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\ICQ
[2010.07.01 09:26:48 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Identities
[2010.07.01 09:49:28 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Macromedia
[2010.10.26 14:03:19 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\MAGIX
[2012.02.28 15:00:41 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\MakeMusic
[2012.08.04 18:31:39 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Media Center Programs
[2012.08.06 11:31:01 | 000,000,000 | --SD | M] -- C:\Users\Anne\AppData\Roaming\Microsoft
[2010.07.01 09:55:36 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Mozilla
[2011.10.03 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\OpenOffice.org
[2010.09.02 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PACE Anti-Piracy
[2012.04.13 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\PreSonus
[2012.08.10 01:31:15 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Skype
[2011.04.29 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\skypePM
[2012.08.09 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.07 09:15:06 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Telefónica
[2010.10.23 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Template
[2012.06.02 14:39:49 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\vlc
[2011.04.04 10:48:14 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010.03.03 19:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1131 bytes -> C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa:UZx3r6cEDs006sVzXVnEuQwp3l

< End of report >


cosinus 13.08.2012 16:19

Run an OTL fix: close any programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - user.js - File not found
[2012.08.12 00:13:27 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-1.xml
[2010.10.24 18:26:16 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-2.xml
[2010.10.28 17:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-3.xml
[2010.12.11 15:48:08 | 000,000,950 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-4.xml
[2010.10.13 22:47:45 | 000,001,056 | ---- | M] () -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell - "" = AutoRun
O33 - MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
@Alternate Data Stream - 1131 bytes -> C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa:UZx3r6cEDs006sVzXVnEuQwp3l
:Files
C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache
C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n
C:\Users\Anne\öojölk.aup
C:\Users\Anne\AppData\Roaming\.#
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The log file should open once you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

BlegJakun 13.08.2012 16:44

Hello Arne,

I have done everything. Here is the log file:

Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-2798720663-2893779436-2618775443-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2798720663-2893779436-2618775443-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b1071-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b1071-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b1071-c618-11e1-a22b-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b108b-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{051b108b-c618-11e1-a22b-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{051b108b-c618-11e1-a22b-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1c5a4a52-c3ac-11e1-8313-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f82-c469-11e1-b50e-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1da23f98-c469-11e1-b50e-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b6f3-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b701-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b712-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b738-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c67b745-c439-11e1-9e50-001e101f8aaa}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ce62b86-c40e-11e1-b120-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448482-84e1-11df-afd0-1c4bd6e5ac1c}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448493-84e1-11df-afd0-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b448493-84e1-11df-afd0-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b448493-84e1-11df-afd0-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82b1f876-c35a-11e1-b13d-00262dbf99ae}\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c209-850d-11df-9a78-00262dbf99ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ad9c221-850d-11df-9a78-00262dbf99ae}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\.\Setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\AutoRun.exe not found.
ADS C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa:UZx3r6cEDs006sVzXVnEuQwp3l deleted successfully.
========== FILES ==========
C:\Users\Anne\AppData\Local\sBRx8uaW4jsDpa folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\ProgramData\6C82D0E90007E17A025E048A4F147CE7 folder moved successfully.
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@ moved successfully.
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\@ moved successfully.
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L folder moved successfully.
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\L folder moved successfully.
C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U folder moved successfully.
C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\U folder moved successfully.
File\Folder C:\Windows\Installer\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n not found.
File\Folder C:\Users\Anne\AppData\Local\{9bf1ab19-96ea-154c-b06d-b30e206f8d97}\n not found.
C:\Users\Anne\öojölk.aup moved successfully.
C:\Users\Anne\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Anne
->Temp folder emptied: 401720722 bytes
->Temporary Internet Files folder emptied: 81313052 bytes
->FireFox cache emptied: 53657032 bytes
->Flash cache emptied: 930 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11867043 bytes
RecycleBin emptied: 205180916 bytes
 
Total Files Cleaned = 719,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Anne
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.56.0 log created on 08132012_173922

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Kind regards,

Tim

cosinus 13.08.2012 18:19

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

BlegJakun 13.08.2012 18:35

Here is the log :)

Code:

19:35:55.0444 3768        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:35:55.0537 3768        ============================================================
19:35:55.0537 3768        Current date / time: 2012/08/13 19:35:55.0537
19:35:55.0537 3768        SystemInfo:
19:35:55.0537 3768       
19:35:55.0537 3768        OS Version: 6.1.7601 ServicePack: 1.0
19:35:55.0537 3768        Product type: Workstation
19:35:55.0537 3768        ComputerName: ANNE-PC
19:35:55.0537 3768        UserName: Anne
19:35:55.0537 3768        Windows directory: C:\Windows
19:35:55.0537 3768        System windows directory: C:\Windows
19:35:55.0537 3768        Processor architecture: Intel x86
19:35:55.0537 3768        Number of processors: 4
19:35:55.0537 3768        Page size: 0x1000
19:35:55.0537 3768        Boot type: Normal boot
19:35:55.0537 3768        ============================================================
19:35:56.0255 3768        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:56.0255 3768        ============================================================
19:35:56.0255 3768        \Device\Harddisk0\DR0:
19:35:56.0255 3768        MBR partitions:
19:35:56.0255 3768        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:35:56.0255 3768        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x215FA800
19:35:56.0255 3768        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2162D000, BlocksNum 0x3C00000
19:35:56.0255 3768        ============================================================
19:35:56.0286 3768        C: <-> \Device\Harddisk0\DR0\Partition1
19:35:56.0317 3768        D: <-> \Device\Harddisk0\DR0\Partition2
19:35:56.0317 3768        ============================================================
19:35:56.0317 3768        Initialize success
19:35:56.0317 3768        ============================================================
19:36:05.0428 1208        ============================================================
19:36:05.0428 1208        Scan started
19:36:05.0428 1208        Mode: Manual; SigCheck; TDLFS;
19:36:05.0428 1208        ============================================================
19:36:06.0052 1208        !SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:36:06.0098 1208        !SASCORE - ok
19:36:06.0442 1208        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:36:06.0535 1208        1394ohci - ok
19:36:06.0613 1208        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:36:06.0629 1208        ACPI - ok
19:36:06.0660 1208        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:36:06.0738 1208        AcpiPmi - ok
19:36:06.0863 1208        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:36:06.0878 1208        AdobeARMservice - ok
19:36:07.0003 1208        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:36:07.0003 1208        AdobeFlashPlayerUpdateSvc - ok
19:36:07.0097 1208        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:36:07.0112 1208        adp94xx - ok
19:36:07.0175 1208        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:36:07.0190 1208        adpahci - ok
19:36:07.0253 1208        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:36:07.0268 1208        adpu320 - ok
19:36:07.0315 1208        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
19:36:07.0378 1208        AeLookupSvc - ok
19:36:07.0487 1208        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:36:07.0549 1208        AFD - ok
19:36:07.0658 1208        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:36:07.0674 1208        agp440 - ok
19:36:07.0752 1208        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:36:07.0768 1208        aic78xx - ok
19:36:07.0955 1208        ALDITALKVerbindungsassistent_Service (7067ac22eb74c2e3d4c950050cbb1ac0) C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
19:36:07.0970 1208        ALDITALKVerbindungsassistent_Service - ok
19:36:08.0048 1208        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
19:36:08.0080 1208        ALG - ok
19:36:08.0173 1208        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:36:08.0189 1208        aliide - ok
19:36:08.0251 1208        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:36:08.0267 1208        amdagp - ok
19:36:08.0267 1208        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:36:08.0282 1208        amdide - ok
19:36:08.0360 1208        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:36:08.0407 1208        AmdK8 - ok
19:36:08.0438 1208        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:36:08.0485 1208        AmdPPM - ok
19:36:08.0563 1208        amdsata        (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
19:36:08.0579 1208        amdsata - ok
19:36:08.0641 1208        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:36:08.0657 1208        amdsbs - ok
19:36:08.0672 1208        amdxata        (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
19:36:08.0688 1208        amdxata - ok
19:36:08.0828 1208        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:36:08.0828 1208        AntiVirSchedulerService - ok
19:36:08.0938 1208        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:36:08.0938 1208        AntiVirService - ok
19:36:09.0000 1208        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:36:09.0109 1208        AppID - ok
19:36:09.0172 1208        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
19:36:09.0234 1208        AppIDSvc - ok
19:36:09.0281 1208        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
19:36:09.0328 1208        Appinfo - ok
19:36:09.0484 1208        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:36:09.0484 1208        Apple Mobile Device - ok
19:36:09.0562 1208        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:36:09.0577 1208        arc - ok
19:36:09.0593 1208        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:36:09.0608 1208        arcsas - ok
19:36:09.0624 1208        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:36:09.0749 1208        AsyncMac - ok
19:36:09.0827 1208        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:36:09.0842 1208        atapi - ok
19:36:09.0920 1208        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:36:09.0967 1208        AudioEndpointBuilder - ok
19:36:09.0983 1208        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:36:10.0014 1208        Audiosrv - ok
19:36:10.0108 1208        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:36:10.0123 1208        avgntflt - ok
19:36:10.0139 1208        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:36:10.0154 1208        avipbb - ok
19:36:35.0442 1208        RasSstp - ok
19:36:35.0504 1208        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:36:35.0567 1208        rdbss - ok
19:36:35.0614 1208        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:36:35.0629 1208        rdpbus - ok
19:36:35.0676 1208        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:36:35.0723 1208        RDPCDD - ok
19:36:35.0801 1208        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:36:35.0848 1208        RDPENCDD - ok
19:36:35.0848 1208        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:36:35.0879 1208        RDPREFMP - ok
19:36:35.0941 1208        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
19:36:35.0972 1208        RDPWD - ok
19:36:36.0050 1208        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:36:36.0066 1208        rdyboost - ok
19:36:36.0113 1208        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:36:36.0144 1208        RemoteAccess - ok
19:36:36.0206 1208        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:36:36.0269 1208        RemoteRegistry - ok
19:36:36.0300 1208        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:36:36.0347 1208        RpcEptMapper - ok
19:36:36.0394 1208        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:36:36.0425 1208        RpcLocator - ok
19:36:36.0487 1208        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:36:36.0518 1208        RpcSs - ok
19:36:36.0581 1208        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:36:36.0612 1208        rspndr - ok
19:36:36.0659 1208        RSUSBSTOR      (a633399432491bb173bb3cf3b41b9c55) C:\Windows\System32\Drivers\RtsUStor.sys
19:36:36.0674 1208        RSUSBSTOR - ok
19:36:36.0768 1208        rtl8192se      (7ac9f43613cd0ee40bebbf150ff3a189) C:\Windows\system32\DRIVERS\rtl8192se.sys
19:36:36.0799 1208        rtl8192se - ok
19:36:36.0862 1208        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:36:36.0862 1208        SamSs - ok
19:36:37.0049 1208        SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:36:37.0049 1208        SASDIFSV - ok
19:36:37.0096 1208        SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:36:37.0111 1208        SASKUTIL - ok
19:36:37.0174 1208        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:36:37.0189 1208        sbp2port - ok
19:36:37.0252 1208        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:36:37.0283 1208        SCardSvr - ok
19:36:37.0330 1208        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:36:37.0376 1208        scfilter - ok
19:36:37.0454 1208        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:36:37.0517 1208        Schedule - ok
19:36:37.0564 1208        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:36:37.0595 1208        SCPolicySvc - ok
19:36:37.0642 1208        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:36:37.0673 1208        SDRSVC - ok
19:36:37.0751 1208        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:36:37.0766 1208        secdrv - ok
19:36:37.0829 1208        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:36:37.0876 1208        seclogon - ok
19:36:37.0907 1208        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
19:36:37.0938 1208        SENS - ok
19:36:37.0954 1208        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
19:36:37.0985 1208        SensrSvc - ok
19:36:38.0063 1208        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:36:38.0110 1208        Serenum - ok
19:36:38.0141 1208        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:36:38.0172 1208        Serial - ok
19:36:38.0250 1208        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:36:38.0281 1208        sermouse - ok
19:36:38.0328 1208        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:36:38.0390 1208        SessionEnv - ok
19:36:38.0437 1208        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:36:38.0468 1208        sffdisk - ok
19:36:38.0484 1208        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:36:38.0500 1208        sffp_mmc - ok
19:36:38.0515 1208        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:36:38.0531 1208        sffp_sd - ok
19:36:38.0609 1208        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:36:38.0624 1208        sfloppy - ok
19:36:38.0687 1208        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:36:38.0749 1208        ShellHWDetection - ok
19:36:38.0812 1208        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:36:38.0827 1208        sisagp - ok
19:36:38.0890 1208        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:36:38.0905 1208        SiSRaid2 - ok
19:36:38.0921 1208        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:36:38.0921 1208        SiSRaid4 - ok
19:36:39.0061 1208        SkypeUpdate    (f07af60b152221472fbdb2fecec4896d) C:\Program Files\Skype\Updater\Updater.exe
19:36:39.0061 1208        SkypeUpdate - ok
19:36:39.0124 1208        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:36:39.0155 1208        Smb - ok
19:36:39.0217 1208        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:36:39.0233 1208        SNMPTRAP - ok
19:36:39.0264 1208        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:36:39.0264 1208        spldr - ok
19:36:39.0342 1208        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:36:39.0389 1208        Spooler - ok
19:36:39.0560 1208        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:36:39.0654 1208        sppsvc - ok
19:36:39.0841 1208        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:36:39.0888 1208        sppuinotify - ok
19:36:39.0997 1208        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:36:40.0060 1208        srv - ok
19:36:40.0091 1208        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:36:40.0122 1208        srv2 - ok
19:36:40.0153 1208        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:36:40.0184 1208        srvnet - ok
19:36:40.0231 1208        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:36:40.0294 1208        SSDPSRV - ok
19:36:40.0387 1208        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:36:40.0387 1208        ssmdrv - ok
19:36:40.0418 1208        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:36:40.0465 1208        SstpSvc - ok
19:36:40.0512 1208        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:36:40.0512 1208        stexstor - ok
19:36:40.0590 1208        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:36:40.0637 1208        StiSvc - ok
19:36:40.0684 1208        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:36:40.0699 1208        swenum - ok
19:36:40.0762 1208        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:36:40.0808 1208        swprv - ok
19:36:40.0871 1208        SynTP          (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys
19:36:40.0886 1208        SynTP - ok
19:36:40.0996 1208        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:36:41.0027 1208        SysMain - ok
19:36:41.0074 1208        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:36:41.0120 1208        TabletInputService - ok
19:36:41.0183 1208        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:36:41.0214 1208        TapiSrv - ok
19:36:41.0276 1208        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:36:41.0308 1208        TBS - ok
19:36:41.0464 1208        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
19:36:41.0495 1208        Tcpip - ok
19:36:41.0807 1208        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
19:36:41.0838 1208        TCPIP6 - ok
19:36:41.0932 1208        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:36:41.0994 1208        tcpipreg - ok
19:36:42.0041 1208        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:36:42.0088 1208        TDPIPE - ok
19:36:42.0103 1208        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:36:42.0150 1208        TDTCP - ok
19:36:42.0181 1208        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:36:42.0228 1208        tdx - ok
19:36:42.0244 1208        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:36:42.0259 1208        TermDD - ok
19:36:42.0306 1208        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:36:42.0353 1208        TermService - ok
19:36:42.0400 1208        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:36:42.0415 1208        Themes - ok
19:36:42.0478 1208        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:36:42.0509 1208        THREADORDER - ok
19:36:42.0618 1208        TPkd            (409a577fd5781c717e55a28717514c58) C:\Windows\system32\drivers\TPkd.sys
19:36:42.0618 1208        TPkd ( UnsignedFile.Multi.Generic ) - warning
19:36:42.0618 1208        TPkd - detected UnsignedFile.Multi.Generic (1)
19:36:50.0933 1208        x10nets        (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
19:36:50.0933 1208        x10nets ( UnsignedFile.Multi.Generic ) - warning
19:36:50.0933 1208        x10nets - detected UnsignedFile.Multi.Generic (1)
19:36:51.0011 1208        XUIF            (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\System32\Drivers\x10ufx2.sys
19:36:51.0011 1208        XUIF - ok
19:36:51.0073 1208        MBR (0x1B8)    (2e0fe7fc299470e30383716b164cf901) \Device\Harddisk0\DR0
19:36:53.0975 1208        \Device\Harddisk0\DR0 - ok
19:36:53.0975 1208        Boot (0x1200)  (3077d2422fbc886b8a450275f1264c95) \Device\Harddisk0\DR0\Partition0
19:36:53.0975 1208        \Device\Harddisk0\DR0\Partition0 - ok
19:36:54.0006 1208        Boot (0x1200)  (d3dbe3ace1da0c70b3f97db81e15c396) \Device\Harddisk0\DR0\Partition1
19:36:54.0006 1208        \Device\Harddisk0\DR0\Partition1 - ok
19:36:54.0037 1208        Boot (0x1200)  (7d3b8b28f175e6798ff316d400457adf) \Device\Harddisk0\DR0\Partition2
19:36:54.0037 1208        \Device\Harddisk0\DR0\Partition2 - ok
19:36:54.0037 1208        ============================================================
19:36:54.0037 1208        Scan finished
19:36:54.0037 1208        ============================================================
19:36:54.0053 3144        Detected object count: 6
19:36:54.0053 3144        Actual detected object count: 6
19:37:05.0862 3144        BCA2000 ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144        BCA2000 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:37:05.0862 3144        BCA2000WDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144        BCA2000WDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:37:05.0862 3144        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144        FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:37:05.0862 3144        NULOAD ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144        NULOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:37:05.0862 3144        TPkd ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144        TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:37:05.0862 3144        x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:37:05.0862 3144        x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 13.08.2012 19:29

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [English: Illegal operation attempted on a registry key that has been marked for deletion.]
then restart Windows manually and the error messages should no longer appear.

BlegJakun 13.08.2012 20:33

Here is the log:

Code:

ComboFix 12-08-13.01 - Anne 13.08.2012  21:20:30.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.2935.2091 [GMT 2:00]
ausgeführt von:: c:\users\Anne\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-13 bis 2012-08-13  ))))))))))))))))))))))))))))))
.
.
2012-08-13 19:27 . 2012-08-13 19:29        --------        d-----w-        c:\users\Anne\AppData\Local\temp
2012-08-13 15:39 . 2012-08-13 15:39        --------        d-----w-        C:\_OTL
2012-08-11 10:34 . 2012-08-11 10:34        --------        d-----w-        c:\program files\ESET
2012-08-09 12:39 . 2012-08-09 12:39        --------        d-----w-        c:\users\Anne\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 12:38 . 2012-08-09 12:39        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-08-09 12:38 . 2012-08-09 12:38        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-08-09 09:23 . 2012-08-09 09:23        --------        d-----w-        c:\program files\Common Files\Skype
2012-08-09 09:23 . 2012-08-09 09:23        --------        d-----r-        c:\program files\Skype
2012-08-06 09:52 . 2012-08-06 09:52        --------        d-----w-        c:\windows\system32\SPReview
2012-08-06 09:36 . 2012-08-06 09:36        --------        d-----w-        c:\program files\Common Files\Adobe
2012-08-06 09:34 . 2012-08-06 09:34        --------        d-----w-        c:\program files\Common Files\Java
2012-08-06 09:34 . 2012-08-06 09:34        --------        d-----w-        c:\program files\Oracle
2012-08-06 09:33 . 2012-07-05 20:06        772544        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-08-06 09:31 . 2012-08-06 09:31        --------        d-----w-        c:\users\Anne\AppData\Local\Macromedia
2012-08-06 09:29 . 2012-08-06 09:29        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-08-06 09:29 . 2012-08-06 09:29        157608        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-08-06 09:29 . 2012-08-06 09:29        113120        ----a-w-        c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-08-06 09:29 . 2012-08-06 09:29        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-06 09:29 . 2012-08-06 09:29        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-06 08:58 . 2012-08-06 08:58        --------        d-----w-        c:\program files\7-Zip
2012-08-05 08:18 . 2012-08-05 08:18        --------        d-----w-        c:\users\Anne\AppData\Local\Downloaded Installations
2012-08-04 16:31 . 2012-08-04 16:31        --------        d-----w-        c:\users\Anne\AppData\Roaming\Malwarebytes
2012-08-04 16:31 . 2012-08-04 16:31        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-04 16:31 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-04 16:31 . 2012-08-04 16:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-04 12:09 . 2012-08-04 12:09        259072        ----a-w-        c:\windows\system32\services.exe
2012-08-01 13:04 . 2012-08-04 18:07        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0
2012-07-30 13:13 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CCDF5C89-77DB-45AF-A00E-F0E210EC2414}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-06 10:36 . 2012-05-22 16:24        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-06 10:36 . 2012-05-22 16:24        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-06 09:59 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2012-08-05 09:43 . 2009-07-13 23:11        259072        ----a-w-        c:\windows\system32\services.exe.AOSS
2012-07-23 08:14 . 2010-07-08 08:05        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-23 08:14 . 2010-07-08 07:53        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-23 08:14 . 2010-07-08 07:51        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-05 20:06 . 2010-04-22 14:19        687544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-01 08:58 . 2012-07-01 19:05        860928        ----a-w-        c:\windows\system32\drivers\mod7700.sys
2012-07-01 08:58 . 2012-07-01 08:58        26496        ----a-w-        c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-01 08:58 . 2012-07-01 08:58        11136        ----a-w-        c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-01 08:58 . 2012-07-01 08:58        1112288        ----a-w-        c:\windows\system32\WdfCoInstaller01007.dll
2012-07-01 08:58 . 2012-07-01 08:58        1112288        ----a-w-        c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-07-01 08:58 . 2012-07-01 19:05        23424        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys
2012-07-01 08:58 . 2012-07-01 19:05        116736        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys
2012-07-01 08:58 . 2012-07-01 19:05        106880        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2012-07-01 08:58 . 2012-07-01 08:58        82816        ----a-w-        c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-01 08:58 . 2012-07-01 08:58        72576        ----a-w-        c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-01 08:58 . 2012-07-01 08:58        51456        ----a-w-        c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-01 08:58 . 2012-07-01 08:58        102784        ----a-w-        c:\windows\system32\drivers\ew_hwusbdev.sys
2012-06-12 02:40 . 2012-07-12 15:48        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-12 15:50        1390080        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-12 15:50        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-12 15:50        805376        ----a-w-        c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-25 16:51        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 16:51        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 16:51        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 16:51        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 16:51        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 16:51        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 16:51        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 16:50        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-25 16:50        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 15:51        1800192        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 15:51        1129472        ----a-w-        c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 15:51        1427968        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 15:51        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 15:51        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-12 15:50        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-12 15:50        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-12 15:50        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-12 15:50        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-12 15:50        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2010-04-22 11:13        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-05-22 16:46 . 2010-07-01 08:00        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-22 16:45 . 2010-07-01 08:00        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-22 16:45 . 2010-07-01 08:00        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-06 09:29 . 2012-01-02 17:07        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-06 694816]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-7-1 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^Anne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCA2000]
2010-07-29 15:47        946176        ----a-w-        c:\windows\System32\bca2kcpan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-11-02 12:21        103720        ------w-        c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07        252296        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 NULOAD;Behringer BCA2000 Bootloader;c:\windows\system32\Drivers\bca2000ldr.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BCA2000;Behringer BCA2000 V2.1.0.6;c:\windows\system32\Drivers\BCA2000.SYS [x]
R3 BCA2000WDM;Behringer BCA2000WDM V2.1.0.6;c:\windows\system32\Drivers\BCA2000WDM.SYS [x]
R3 CLAVIAUSB;CLAVIAUSB;c:\windows\system32\DRIVERS\ClaviaUSB.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
R3 paeusbaudio;paeusbaudio;c:\windows\system32\DRIVERS\paeusbaudio.sys [x]
R3 paeusbaudiodsp;paeusbaudiodsp;c:\windows\system32\DRIVERS\paeusbaudiodsp.sys [x]
R3 paeusbaudioks;paeusbaudioks;c:\windows\system32\DRIVERS\paeusbaudioks.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-22 10:36]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\xmw4219a.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AudioBox VSL - (no file)
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
SafeBoot-BsScanner
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-Arturia.Minimoog.V.v1.5-DAC - c:\progra~1\Arturia\MINIMO~1\UNWISE.EXE
AddRemove-M30 Reverb - c:\program files\TC Electronic\M30 Reverb\Native\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-13  21:34:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-13 19:34
.
Vor Suchlauf: 11 Verzeichnis(se), 32.588.107.776 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.250.806.272 Bytes frei
.
- - End Of File - - 679425D39E33BBEEDC0D410EB14496CD


cosinus 14.08.2012 14:22

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" (aswMBR.exe has stopped working) appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

BlegJakun 14.08.2012 19:57

OK, everything has been scanned :)

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 20:20:54
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O
Running: 7jwgcmr3.exe; Driver: C:\Users\Anne\AppData\Local\Temp\pwldrpow.sys


---- System - GMER 1.0.15 ----

SSDT            913D78A6                                                                                                                                                        ZwCreateSection
SSDT            913D78B0                                                                                                                                                        ZwRequestWaitReplyPort
SSDT            913D78AB                                                                                                                                                        ZwSetContextThread
SSDT            913D78B5                                                                                                                                                        ZwSetSecurityObject
SSDT            913D78BA                                                                                                                                                        ZwSystemDebugControl
SSDT            913D7847                                                                                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                        8323E3C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                          83277D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                            8327EEAC 4 Bytes  [A6, 78, 3D, 91] {CMPSB ; JS 0x40; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                            8327F208 4 Bytes  [B0, 78, 3D, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                                            8327F24C 4 Bytes  [AB, 78, 3D, 91] {STOSD ; JS 0x40; XCHG ECX, EAX}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                                            8327F2C8 4 Bytes  [B5, 78, 3D, 91]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                                            8327F31C 4 Bytes  [BA, 78, 3D, 91]
.text          ...                                                                                                                                                           
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                                            B16E5000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                                            B16E5123 629 Bytes  [05, 6E, B1, FE, 05, 34, 05, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                                            B16E5399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                                                            B16E53FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                                                            B16E54AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                                                           

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[2772] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [75BAFFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OSAM:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:29:33 on 14.08.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"M-AudioFastTrackControlPanelApplet.cpl" - "M-Audio, a division of Avid Technology, Inc." - C:\Windows\system32\M-AudioFastTrackControlPanelApplet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"Behringer BCA2000 Bootloader" (NULOAD) - ? - C:\Windows\System32\Drivers\bca2000ldr.sys  (File found, but it contains no detailed information)
"Behringer BCA2000 V2.1.0.6" (BCA2000) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCA2000.SYS
"Behringer BCA2000WDM V2.1.0.6" (BCA2000WDM) - "Behringer Spezielle Studiotechnik GmbH" - C:\Windows\System32\Drivers\BCA2000WDM.SYS
"catchme" (catchme) - ? - C:\Users\Anne\AppData\Local\Temp\catchme.sys  (File not found)
"Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\Windows\System32\DRIVERS\ewusbdev.sys  (File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TPkd" (TPkd) - "PACE Anti-Piracy, Inc." - C:\Windows\system32\drivers\TPkd.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Launcher.lnk" - ? - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LMgrVolOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"M-Audio Taskbar Icon" - "Avid Technology, Inc." - C:\Windows\system32\M-AudioTaskBarIcon.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Wbutton" - "Wistron Corp." - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"ALDITALKVerbindungsassistent_Service" (ALDITALKVerbindungsassistent_Service) - ? - C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe  (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 20:31:55
-----------------------------
20:31:55.124    OS Version: Windows 6.1.7601 Service Pack 1
20:31:55.124    Number of processors: 4 586 0x2502
20:31:55.124    ComputerName: ANNE-PC  UserName: Anne
20:32:08.524    Initialize success
20:32:52.953    AVAST engine defs: 12081400
20:33:05.324    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:33:05.324    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
20:33:05.324    Disk 0 MBR read successfully
20:33:05.339    Disk 0 MBR scan
20:33:05.339    Disk 0 unknown MBR code
20:33:05.355    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:33:05.371    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
20:33:05.402    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 560123904
20:33:05.417    Disk 0 Partition 4 00    12  Compaq diag NTFS        1026 MB offset 623038464
20:33:05.433    Disk 0 scanning sectors +625139712
20:33:05.480    Disk 0 scanning C:\Windows\system32\drivers
20:33:22.921    Service scanning
20:34:08.519    Modules scanning
20:34:24.993    Disk 0 trace - called modules:
20:34:25.009    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:34:25.024    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x883ce948]
20:34:25.024    3 CLASSPNP.SYS[8bb8559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8685e028]
20:34:25.913    AVAST engine scan C:\Windows
20:34:29.221    AVAST engine scan C:\Windows\system32
20:37:38.777    AVAST engine scan C:\Windows\system32\drivers
20:37:56.561    AVAST engine scan C:\Users\Anne
20:53:47.367    AVAST engine scan C:\ProgramData
20:55:15.866    Scan finished successfully
20:56:27.189    Disk 0 MBR has been saved successfully to "C:\Users\Anne\Desktop\MBR.dat"
20:56:27.189    The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 20:58:29
-----------------------------
20:58:29.579    OS Version: Windows 6.1.7601 Service Pack 1
20:58:29.579    Number of processors: 4 586 0x2502
20:58:29.579    ComputerName: ANNE-PC  UserName: Anne
20:58:30.858    Initialize success
20:58:36.256    AVAST engine defs: 12081400
20:58:39.126    The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBR.txt"


cosinus 15.08.2012 13:13

We should fix the MBR. Just in case, back up ALL important data, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not run the fix either if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

BlegJakun 15.08.2012 14:31

I pressed the MBR fix button. It didn't take long though, I hope that's all correct.

Here is the log of the subsequent scan:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 15:01:39
-----------------------------
15:01:39.592    OS Version: Windows 6.1.7601 Service Pack 1
15:01:39.592    Number of processors: 4 586 0x2502
15:01:39.607    ComputerName: ANNE-PC  UserName: Anne
15:01:42.181    Initialize success
15:01:48.624    AVAST engine defs: 12081400
15:01:52.524    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:01:52.524    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
15:01:52.540    Disk 0 MBR read successfully
15:01:52.555    Disk 0 MBR scan
15:01:52.555    Disk 0 Windows 7 default MBR code
15:01:52.571    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:01:52.587    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
15:01:52.618    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 560123904
15:01:52.633    Disk 0 Partition 4 00    12  Compaq diag NTFS        1026 MB offset 623038464
15:01:52.649    Disk 0 scanning sectors +625139712
15:01:52.696    Disk 0 scanning C:\Windows\system32\drivers
15:02:04.911    Service scanning
15:02:38.747    Modules scanning
15:03:05.657    Disk 0 trace - called modules:
15:03:05.688    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:03:05.688    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x883cd618]
15:03:05.704    3 CLASSPNP.SYS[8bb7359e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86457028]
15:03:06.765    AVAST engine scan C:\Windows
15:03:10.743    AVAST engine scan C:\Windows\system32
15:06:01.111    AVAST engine scan C:\Windows\system32\drivers
15:06:14.792    AVAST engine scan C:\Users\Anne
15:21:43.571    AVAST engine scan C:\ProgramData
15:25:21.612    Scan finished successfully
15:31:27.339    Disk 0 MBR has been saved successfully to "C:\Users\Anne\Desktop\MBR.dat"
15:31:27.339    The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBR2.txt"

Kind regards,

Tim

cosinus 15.08.2012 20:29

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

BlegJakun 16.08.2012 12:25

OK, I ran both scans. Here are the logs:

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Anne :: ANNE-PC [Administrator]

16.08.2012 09:44:28
mbam-log-2012-08-16 (09-44-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411119
Laufzeit: 1 Stunde(n), 47 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes still has files in quarantine - can I simply leave them there?

SUPERAntiSpyware: (I had the 20 cookies removed)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2012 at 01:01 PM

Application Version : 5.5.1012

Core Rules Database Version : 9067
Trace Rules Database Version: 6879

Scan type      : Quick Scan
Total Scan Time : 00:49:52

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 602
Memory threats detected  : 0
Registry items scanned    : 27536
Registry threats detected : 0
File items scanned        : 26694
File threats detected    : 20

Adware.Tracking Cookie
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\7E1ZVGW2.txt [ /c.atdmt.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\U3D13YSQ.txt [ /imrworldwide.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\KGOL62ZU.txt [ /adfarm1.adition.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\D8B02B6N.txt [ /fastclick.net ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\VI108S8Y.txt [ /apmebf.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\0O8DU195.txt [ /ad.zanox.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\YAPXA9Z7.txt [ /atdmt.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\8WVT3US1.txt [ /zanox.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\19CJ8BTM.txt [ /mediaplex.com ]
        C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Cookies\NKVGLNPH.txt [ /ad1.adfarm1.adition.com ]
        C:\USERS\ANNE\Cookies\7E1ZVGW2.txt [ Cookie:anne@c.atdmt.com/ ]
        C:\USERS\ANNE\Cookies\U3D13YSQ.txt [ Cookie:anne@imrworldwide.com/cgi-bin ]
        C:\USERS\ANNE\Cookies\KGOL62ZU.txt [ Cookie:anne@adfarm1.adition.com/ ]
        C:\USERS\ANNE\Cookies\D8B02B6N.txt [ Cookie:anne@fastclick.net/ ]
        C:\USERS\ANNE\Cookies\VI108S8Y.txt [ Cookie:anne@apmebf.com/ ]
        C:\USERS\ANNE\Cookies\0O8DU195.txt [ Cookie:anne@ad.zanox.com/ ]
        C:\USERS\ANNE\Cookies\YAPXA9Z7.txt [ Cookie:anne@atdmt.com/ ]
        C:\USERS\ANNE\Cookies\8WVT3US1.txt [ Cookie:anne@zanox.com/ ]
        C:\USERS\ANNE\Cookies\19CJ8BTM.txt [ Cookie:anne@mediaplex.com/ ]
        C:\USERS\ANNE\Cookies\NKVGLNPH.txt [ Cookie:anne@ad1.adfarm1.adition.com/ ]

Kind regards,

Tim

cosinus 16.08.2012 13:52

Code:

UAC On - Limited User
How did you start SASW? Simply by double-click?

Code:

Scan type      : Quick Scan
Why only a quick scan? What does it say in the instructions? :pfeiff:

BlegJakun 16.08.2012 13:53

Yes, simply with a double-click.

Oh, I only just read the last sentence. I must have misread ^^ I'll run a full scan as administrator again in a moment :)

Uh. :balla: Quite a lot more was found this time ^^

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2012 at 05:38 PM

Application Version : 5.5.1012

Core Rules Database Version : 9068
Trace Rules Database Version: 6880

Scan type      : Complete Scan
Total Scan Time : 02:26:05

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 701
Memory threats detected  : 0
Registry items scanned    : 35882
Registry threats detected : 0
File items scanned        : 176925
File threats detected    : 325

Trojan.Agent/Gen-FraudTool[Tiny]
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1600@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@12558C@1462770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A88@1462770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1010@1672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1040@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1120@1532770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1180@1352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1234@1622770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1300@1602770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@12AC@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@13F4@1502770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1424@1432770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1474@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1594@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@15EC@1402770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1648@2B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@16F0@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1764@612770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@17D8@3E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1B0@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@198AC@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1A52D0@1402770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1AC08@1532770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1BC@682770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1C57C@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1C8@1352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1D3A4@1512770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1D4@2B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1F1888@1432770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1F5D0@13D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@220@1392770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2053C@362770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@215348@1672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@21FC8@1372770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@22A4@1512770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@231C@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@23A1C@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@25C4@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2637C@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@26C90@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@270@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@278C@3B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2AD2B4@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2B0@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2B4@1322770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2C1C@272770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2C8@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2D4@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2D98@2E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2E0@1402770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2E504@1502770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2FC78@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2FD48@1372770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3018@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@304@282770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3230C@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@32360@1602770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@34188@742770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3480@1382770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@37558@1392770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@378@14F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3AC@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3BDF4@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3D8@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3F0@772770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3F34C@1452770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@459C4@1442770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@40C@1422770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@40C@6A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@41C@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@434@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@44EF4@742770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4CC@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@468@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@46C38@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@48C@14E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@498@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4CD4@252770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@558@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4DC@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4F40@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@514@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5330C@1662770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@53380@3E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5CC@1632770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@564@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@598@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@59C@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5E60@13B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5ECC@672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5F0@14C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5F64@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@60A2C@1E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@634@732770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@689FC@1392770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6998@1472770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6BC@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6C8@15B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@718@13B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@71C@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@720@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@72C@1472770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@748@252770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@75C@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7E0@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@784@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@78@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7A0@1482770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7A708@6F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7C@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7D288@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@878@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7E8@1452770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7F3A4@1E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@81ADC@262770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@81CF0@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@850@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@854@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@86C@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@890@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@89C@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8C220@1462770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8DC@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8FC@1452770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@978@14C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@90C@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@90C@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9120@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@948@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@94E84@3D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A74@1372770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@980@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9B4@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9F8@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A098@742770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A1C@682770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AE4@1612770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A80@14E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A84@782770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AA5BC@2C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AB0@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@ABC@3A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AC8@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AD4@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BC8@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B00@672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B24@1432770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B48@15F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B7C@6D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BA4@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BD4@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BE0@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C14@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C1C@15C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C4C@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C548@792770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C80@1512770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C8AE8@3C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C9008@352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@CBC@15C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@CDC@6D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D14@14F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D28@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D2C@13F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D304@1342770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D4C@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D60@252770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D6C@1382770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DD0@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D70@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D84@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D98@13D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DAC@1672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DB0@1422770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DBC08@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DC220@7B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DD8@15D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DEC@352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DF0@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E5C@1412770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DF8@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E00@3E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E28@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E2E1C@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EE8@15B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E8150@312770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EA0@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EC0@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EE4@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EF0@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F28@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F2C@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F40C@1602770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F9C@1472770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F4C@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F78@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F88@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F9A90@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FA4@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FB0@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FB0@302770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FCC@14F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FD4@622770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FDC@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FEC@1E2770.###

Something went wrong with the posting, so here it is again:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/16/2012 at 05:38 PM

Application Version : 5.5.1012

Core Rules Database Version : 9068
Trace Rules Database Version: 6880

Scan type      : Complete Scan
Total Scan Time : 02:26:05

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 701
Memory threats detected  : 0
Registry items scanned    : 35882
Registry threats detected : 0
File items scanned        : 176925
File threats detected    : 325

Trojan.Agent/Gen-FraudTool[Tiny]
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1010@1672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1040@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1120@1532770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1180@1352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1234@1622770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1300@1602770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@12AC@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@13F4@1502770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1424@1432770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1474@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1594@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@15EC@1402770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1648@2B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@16F0@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1764@612770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@17D8@3E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1B0@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@198AC@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1A52D0@1402770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1AC08@1532770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1BC@682770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1C57C@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1C8@1352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1D3A4@1512770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1D4@2B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1F1888@1432770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@1F5D0@13D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@220@1392770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2053C@362770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@215348@1672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@21FC8@1372770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@22A4@1512770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@231C@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@23A1C@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@25C4@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2637C@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@26C90@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@270@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@278C@3B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2AD2B4@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2B0@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2B4@1322770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2C1C@272770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2C8@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2D4@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2D98@2E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2E0@1402770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2E504@1502770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2FC78@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@2FD48@1372770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3018@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@304@282770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3230C@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@32360@1602770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@34188@742770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3480@1382770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@37558@1392770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@378@14F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3AC@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3BDF4@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3D8@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3F0@772770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@3F34C@1452770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@459C4@1442770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@40C@1422770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@40C@6A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@41C@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@434@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@44EF4@742770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4CC@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@468@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@46C38@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@48C@14E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@498@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4CD4@252770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@558@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4DC@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@4F40@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@514@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5330C@1662770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@53380@3E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5CC@1632770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@564@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@598@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@59C@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5E60@13B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5ECC@672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5F0@14C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@5F64@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@60A2C@1E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@634@732770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@689FC@1392770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6998@1472770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6BC@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@6C8@15B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@718@13B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@71C@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@720@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@72C@1472770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@748@252770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@75C@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7E0@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@784@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@78@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7A0@1482770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7A708@6F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7C@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7D288@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@878@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7E8@1452770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@7F3A4@1E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@81ADC@262770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@81CF0@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@850@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@854@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@86C@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@890@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@89C@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8C220@1462770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8DC@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@8FC@1452770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@978@14C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@90C@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@90C@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9120@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@948@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@94E84@3D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A74@1372770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@980@232770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9B4@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@9F8@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A098@742770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A1C@682770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AE4@1612770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A80@14E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@A84@782770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AA5BC@2C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AB0@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@ABC@3A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AC8@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@AD4@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BC8@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B00@672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B24@1432770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B48@15F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@B7C@6D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BA4@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BD4@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@BE0@13C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C14@14A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C1C@15C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C4C@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C548@792770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C80@1512770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C8AE8@3C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@C9008@352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@CBC@15C2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@CDC@6D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D14@14F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D28@1562770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D2C@13F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D304@1342770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D4C@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D60@252770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D6C@1382770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DD0@242770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D70@15A2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D84@1592770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@D98@13D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DAC@1672770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DB0@1422770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DBC08@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DC220@7B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DD8@15D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DEC@352770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DF0@1582770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E5C@1412770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@DF8@752770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E00@3E2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E28@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E2E1C@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EE8@15B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@E8150@312770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EA0@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EC0@1542770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EE4@1552770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@EF0@1572770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F28@14B2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F2C@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F40C@1602770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F9C@1472770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F4C@1522770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F78@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F88@3F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@F9A90@1492770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FA4@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FB0@212770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FB0@302770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FCC@14F2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FD4@622770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FDC@14D2770.###
        C:\_OTL\MOVEDFILES\08132012_173922\C_USERS\ANNE\APPDATA\ROAMING\.#\MBX@FEC@1E2770.###

Hm, replying to this thread didn't work just now; I wrote 2 replies, but my old post was edited instead.

So I already posted the log in my previous post; in SUPERAntiSpyware I clicked on "Remove Threads".

Regards,

Tim

Another attempt from a different computer. If a new post is created now, see my previous post.

And another posting attempt - maybe it will work now. See previous post.

And another attempt :)

And another attempt to make a new post. For the explanation, see the previous post.

BlegJakun 17.08.2012 16:57

And another attempt.

Edit: Ah, it worked! Until just now I couldn't write any more replies. Whenever I wrote a reply, only my previous post got edited. So the SUPERAntiSpyware log is above :)

Regards,

Tim

cosinus 17.08.2012 20:55

Now guess what purpose this path serves => C:\_OTL\MOVEDFILES

Just as a hint, I mentioned what that is in the course of this thread

BlegJakun 17.08.2012 21:17

Quote:

Quote from cosinus (post 895286)
Now guess what purpose this path serves => C:\_OTL\MOVEDFILES

Just as a hint, I mentioned what that is in the course of this thread

I already figured as much when I deleted them and then read the log afterwards. That's probably from the OTLFix, right? It would be nice if you could enlighten me. I clicked first and thought afterwards.

Last night my PC shut off, then suddenly a recommended system repair from Windows came up. It failed. This morning the computer ran normally again.

Kind regards,

Tim

cosinus 18.08.2012 12:58

In any case, apart from that only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox there would be, for example, CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I want; everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest on the next start of Opera or Chromium no cookies are left.

Is your system OK again now, or are there any other findings or problems?

BlegJakun 18.08.2012 16:33

Hm, well, there are no findings; you have received all the logs. At the moment my audio driver sometimes drops out, otherwise everything works normally.

So should I not have deleted the threads from SUPERAntiSpyware, or did I do something else wrong?

Thanks for having so much patience with me! :dankeschoen:

Kind regards,

Tim

cosinus 19.08.2012 18:15

No, the cookies could go; I have now also explained to you exactly what they can be used for

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (CleanUp).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update PDF reader
An outdated AdobeReader poses a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

Please also take the opportunity to check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

BlegJakun 19.08.2012 21:34

Many thanks, Arne, for your help and patience!!

That was really super, super nice of you! :dankeschoen: :abklatsch:

Kind regards,

Tim

