Trojaner-Board


anita_kitz 10.10.2012 22:50

Trojans and viruses found by Avira scan and moved to quarantine
 
Hello,
today I tidied up an acquaintance's laptop a bit, and the Avira scan returned 11 detections of viruses and Trojans. I moved these to quarantine and then ran Malwarebytes. It didn't find anything more. After that I ran Defogger; there was nothing. Then I also ran OTL by OldTimer. Those files are attached.
I'll now run a GMER scan as well and post that too.
I'm not sure whether quarantining them through Avira was enough.
Please give me a brief reply.
Thanks in advance.
Anita

cosinus 11.10.2012 18:08

Quote:

a bit, and the Avira scan returned 11 detections of viruses and Trojans
Nice, and where are the logs for that? :confused:

Information like that isn't enough; please post the complete details/logs from the virus scanners.

Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

anita_kitz 11.10.2012 19:54

Hello,
sorry, that one must have gotten lost somehow.
Of course I'll post it right away:

Code:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 10. Oktober 2012  19:33


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 1)  [6.0.6001]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : RESI-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.2693    48279 Bytes  01.10.2012 17:25:00
AVSCAN.EXE    : 13.4.0.200    625952 Bytes  01.10.2012 13:15:49
AVSCANRC.DLL  : 13.4.0.163    64800 Bytes  19.09.2012 17:20:53
LUKE.DLL      : 13.4.0.184    66848 Bytes  25.09.2012 09:00:15
AVSCPLR.DLL    : 13.4.0.190    93984 Bytes  26.09.2012 13:58:22
AVREG.DLL      : 13.4.0.180    245536 Bytes  24.09.2012 11:05:45
avlode.dll    : 13.4.0.202    419616 Bytes  01.10.2012 15:21:53
avlode.rdf    : 13.0.0.24      7196 Bytes  27.09.2012 09:30:38
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 13:50:29
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 13:50:31
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 13:50:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 13:50:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 13:50:37
VBASE005.VDF  : 7.11.34.116  4034048 Bytes  29.06.2012 13:42:40
VBASE006.VDF  : 7.11.41.250  4902400 Bytes  06.09.2012 13:42:40
VBASE007.VDF  : 7.11.41.251    2048 Bytes  06.09.2012 13:42:40
VBASE008.VDF  : 7.11.41.252    2048 Bytes  06.09.2012 13:42:40
VBASE009.VDF  : 7.11.41.253    2048 Bytes  06.09.2012 13:42:40
VBASE010.VDF  : 7.11.41.254    2048 Bytes  06.09.2012 13:42:40
VBASE011.VDF  : 7.11.41.255    2048 Bytes  06.09.2012 13:42:40
VBASE012.VDF  : 7.11.42.0      2048 Bytes  06.09.2012 13:42:40
VBASE013.VDF  : 7.11.42.1      2048 Bytes  06.09.2012 13:42:40
VBASE014.VDF  : 7.11.42.65    203264 Bytes  09.09.2012 13:42:40
VBASE015.VDF  : 7.11.42.125  156672 Bytes  11.09.2012 13:42:40
VBASE016.VDF  : 7.11.42.171  187904 Bytes  12.09.2012 13:42:40
VBASE017.VDF  : 7.11.42.235  141312 Bytes  13.09.2012 13:42:40
VBASE018.VDF  : 7.11.43.35    133632 Bytes  15.09.2012 13:42:40
VBASE019.VDF  : 7.11.43.89    129024 Bytes  18.09.2012 13:42:40
VBASE020.VDF  : 7.11.43.141  130560 Bytes  19.09.2012 17:02:38
VBASE021.VDF  : 7.11.43.187  121856 Bytes  21.09.2012 07:40:42
VBASE022.VDF  : 7.11.43.251  147456 Bytes  24.09.2012 08:56:45
VBASE023.VDF  : 7.11.44.43    152064 Bytes  25.09.2012 08:31:00
VBASE024.VDF  : 7.11.44.103  165888 Bytes  27.09.2012 12:16:14
VBASE025.VDF  : 7.11.44.167  160256 Bytes  30.09.2012 08:56:34
VBASE026.VDF  : 7.11.44.223  199680 Bytes  02.10.2012 14:33:20
VBASE027.VDF  : 7.11.45.29    196096 Bytes  04.10.2012 09:08:18
VBASE028.VDF  : 7.11.45.111  202752 Bytes  08.10.2012 18:27:11
VBASE029.VDF  : 7.11.45.112    2048 Bytes  08.10.2012 18:27:11
VBASE030.VDF  : 7.11.45.113    2048 Bytes  08.10.2012 18:27:11
VBASE031.VDF  : 7.11.45.164    88064 Bytes  10.10.2012 12:07:08
Engineversion  : 8.2.10.182
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 13:42:55
AESCRIPT.DLL  : 8.1.4.60      463227 Bytes  05.10.2012 18:12:35
AESCN.DLL      : 8.1.9.2      131444 Bytes  26.09.2012 13:54:07
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 15:58:06
AERDL.DLL      : 8.1.9.15      639348 Bytes  27.08.2012 13:50:15
AEPACK.DLL    : 8.3.0.38      811382 Bytes  28.09.2012 10:24:10
AEOFFICE.DLL  : 8.1.2.48      201082 Bytes  24.09.2012 13:06:59
AEHEUR.DLL    : 8.1.4.114    5353847 Bytes  05.10.2012 18:12:34
AEHELP.DLL    : 8.1.25.0      258423 Bytes  05.10.2012 18:12:21
AEGEN.DLL      : 8.1.5.38      434548 Bytes  26.09.2012 13:54:07
AEEXP.DLL      : 8.2.0.4      115060 Bytes  05.10.2012 18:12:35
AEEMU.DLL      : 8.1.3.2      393587 Bytes  19.09.2012 13:42:55
AECORE.DLL    : 8.1.28.2      201079 Bytes  26.09.2012 13:54:07
AEBB.DLL      : 8.1.1.0        53618 Bytes  27.08.2012 13:50:12
AVWINLL.DLL    : 13.4.0.163    25888 Bytes  19.09.2012 17:09:30
AVPREF.DLL    : 13.4.0.163    50464 Bytes  19.09.2012 17:07:51
AVREP.DLL      : 13.4.0.163    177952 Bytes  19.09.2012 17:08:15
AVARKT.DLL    : 13.4.0.184    260384 Bytes  25.09.2012 08:51:51
AVEVTLOG.DLL  : 13.4.0.185    167200 Bytes  25.09.2012 08:52:37
SQLITE3.DLL    : 3.7.0.1      397088 Bytes  19.09.2012 17:17:40
AVSMTP.DLL    : 13.4.0.163    62240 Bytes  19.09.2012 17:08:54
NETNT.DLL      : 13.4.0.163    15648 Bytes  19.09.2012 17:16:26
RCIMAGE.DLL    : 13.4.0.163  4780832 Bytes  19.09.2012 17:21:16
RCTEXT.DLL    : 13.4.0.163    68384 Bytes  19.09.2012 17:21:16

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 10. Oktober 2012  19:33

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'UpdateTask.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'acer.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Acer.scr' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkBtMnt.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ERAGENT.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'EPOWER_DMC.EXE' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'ENMTRAY.EXE' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'PIFSvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMVService.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'LManager.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSLoader.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '186' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'capuserv.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'eRecoveryService.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobilityService.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'PIFSvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'eNet Service.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'eLockServ.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'eDSService.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALUSchedulerSvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALaunchSvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1447' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <ACER>
      --> my pics/video.exe
          [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.749042
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\5CE457FD-0000160A.eml
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\67684382-0000158D.eml
      Mahnkosten Rechnung 17.09.2012.zip
        [2] Archivtyp ZIP
        --> Mahnkosten Rechnung 17.09.2012.com
            [FUND]      Ist das Trojanische Pferd TR/Savwu.A
            [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\6B335AD9-0000158E.eml
      Mahnkosten Rechnung 17.09.2012.zip
        [2] Archivtyp ZIP
        --> Mahnkosten Rechnung 17.09.2012.com
            [FUND]      Ist das Trojanische Pferd TR/Savwu.A
            [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\050F5A07-0000265E.eml
      Mahnung 2012.zip
        [2] Archivtyp ZIP
        --> Mahnung 2012.pif
            [FUND]      Ist das Trojanische Pferd TR/Dropper.VB.Gen
            [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\152E1243-000029A2.eml
      Mahnung - Rechnung vom 12.08.2012.zip
        [2] Archivtyp ZIP
        --> Mahnung - Rechnung vom 12.08.2012.com
            [FUND]      Ist das Trojanische Pferd TR/Dldr.Lony.A
            [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\15F2151C-00002643.eml
    Registrierung.zip
      [1] Archivtyp ZIP
      --> Registrierung.pif
          [FUND]      Ist das Trojanische Pferd TR/Injector.NH.1
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\26FF6489-00002616.eml
    Vertrag.zip
      [1] Archivtyp ZIP
      --> Vertrag 17.05.2012.com
          [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\2D333948-0000265D.eml
      Mahnung 2012.zip
        [2] Archivtyp ZIP
        --> Mahnung 2012.pif
            [FUND]      Ist das Trojanische Pferd TR/Dropper.VB.Gen
            [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\2E192E27-000026F7.eml
      Foto.zip
        [2] Archivtyp ZIP
        --> FOTO THUN GmbH.pif
            [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB.22
            [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\31EC019F-00002614.eml
    Vertrag.zip
      [1] Archivtyp ZIP
      --> Vertrag 17.05.2012.com
          [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\474C5725-00002640.eml
    Registrierung.zip
      [1] Archivtyp ZIP
      --> Registrierung.pif
          [FUND]      Ist das Trojanische Pferd TR/Injector.NH.1
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\474C5725-00002640.eml
  [FUND]      Ist das Trojanische Pferd TR/Injector.NH.1
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57277dd0.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\31EC019F-00002614.eml
  [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4fa35271.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\2E192E27-000026F7.eml
  [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB.22
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1de008ed.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\2D333948-0000265D.eml
  [FUND]      Ist das Trojanische Pferd TR/Dropper.VB.Gen
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7bd9472f.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\26FF6489-00002616.eml
  [FUND]      Ist das Trojanische Pferd TR/Matsnu.EB
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3e4e6a63.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\15F2151C-00002643.eml
  [FUND]      Ist das Trojanische Pferd TR/Injector.NH.1
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41555803.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\152E1243-000029A2.eml
  [FUND]      Ist das Trojanische Pferd TR/Dldr.Lony.A
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0df17449.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\050F5A07-0000265E.eml
  [FUND]      Ist das Trojanische Pferd TR/Dropper.VB.Gen
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '71eb3418.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\6B335AD9-0000158E.eml
  [FUND]      Ist das Trojanische Pferd TR/Savwu.A
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5cbc1b26.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\67684382-0000158D.eml
  [FUND]      Ist das Trojanische Pferd TR/Savwu.A
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45d720c1.qua' verschoben!
C:\Users\Resi\AppData\Local\Microsoft\Windows Mail\Local Folders\Deleted Items\5CE457FD-0000160A.eml
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.749042
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '299a0c8d.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 10. Oktober 2012  21:58
Benötigte Zeit:  2:24:36 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  24664 Verzeichnisse wurden überprüft
 371950 Dateien wurden geprüft
    11 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
    11 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 371939 Dateien ohne Befall
  22209 Archive wurden durchsucht
      0 Warnungen
    11 Hinweise
 486972 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Weren't the OTL attachments included either? If not, I'll post them again too.

OTL Logfile:
Code:

OTL logfile created on: 10.10.2012 22:55:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Resi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1013,27 Mb Total Physical Memory | 287,07 Mb Available Physical Memory | 28,33% Memory free
2,23 Gb Paging File | 0,72 Gb Available in Paging File | 32,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 10,34 Gb Free Space | 20,21% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
 
Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.10 22:54:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.21 16:38:16 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.07.16 07:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007.05.22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.05.16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.03.12 11:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.07.08 16:25:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.07.08 16:25:14 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.07.08 16:24:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.07.08 16:24:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.07.05 21:39:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.07.05 21:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.07.05 21:36:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.07.05 21:24:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.07.05 21:23:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.05.22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007.05.10 14:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.05.10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.05.10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.05.10 14:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.05.10 14:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.05.10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007.04.25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007.04.25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
MOD - [2007.03.14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007.03.14 11:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007.02.07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.10.06 04:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.09.26 11:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 11:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.03.12 11:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.08.19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.06.18 12:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://search.aon.at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=crm&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=aeb981d6-dadb-4c4c-ba3c-443354f0b292&apn_sauid=4958F744-FF2A-49F0-B7A1-274B48DEF01B
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/home/?search={searchTerms}&loc=search_box
IE - HKCU\..\SearchScopes\{DC5057F0-7856-4C75-B88B-1F20FC846864}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.10 22:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.10 22:17:01 | 000,000,000 | ---D | M]
 
[2012.10.10 22:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.06 05:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.06 05:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 05:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 05:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 05:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programme\GamesBar\oberontb.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Programme\GamesBar\oberontb.dll ()
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.14.229.250 217.14.229.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F37C51B-3077-406E-AE07-C8F9DDAE33D4}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9DDC0C0-6696-4D20-AB9F-DF5915F59BD7}: DhcpNameServer = 217.14.229.250 217.14.229.251
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.10 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 22:19:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.02 17:21:50 | 000,000,000 | ---D | C] -- C:\Users\Resi\AppData\Local\AskToolbar
[2012.10.02 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.02 16:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.10.02 16:28:59 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.02 16:28:59 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.02 16:28:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.10 22:19:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 22:13:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.10 22:09:52 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.10 21:17:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 21:17:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.10 19:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.10 19:19:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.10 19:17:07 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.10.10 19:16:48 | 1063,272,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.10 14:15:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.07 21:46:09 | 000,000,472 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Resi.job
[2012.10.02 16:31:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.10 22:19:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 22:09:52 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.02 16:31:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2009.08.07 09:34:38 | 000,000,680 | ---- | C] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat
[2009.07.12 20:02:47 | 000,005,632 | ---- | C] () -- C:\Users\Resi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.24 21:38:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.04.24 20:47:20 | 000,009,013 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007.10.19 13:52:32 | 000,040,960 | ---- | C] () -- \junction.exe
[2007.10.19 13:40:49 | 1063,272,448 | -HS- | C] () -- \hiberfil.sys
[2007.07.28 05:10:13 | 000,333,203 | RHS- | C] () -- \bootmgr
[2007.07.28 05:10:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007.07.27 19:27:27 | 000,000,512 | ---- | C] () -- \MDR.iss
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 668 bytes -> C:\Users\Resi\Documents\Samstagspost.eml:OECustomProperty
@Alternate Data Stream - 644 bytes -> C:\Users\Resi\Documents\KB.eml:OECustomProperty
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 1009 bytes -> C:\Users\Resi\Documents\Neue Energien von Cecilia Sifontes und Lightflow .eml:OECustomProperty

< End of report >


OTL Logfile:
Code:

OTL Extras logfile created on: 10.10.2012 22:55:37 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Resi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1013,27 Mb Total Physical Memory | 287,07 Mb Available Physical Memory | 28,33% Memory free
2,23 Gb Paging File | 0,72 Gb Available in Paging File | 32,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 10,34 Gb Free Space | 20,21% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
 
Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A244C2D-44B7-42EE-9217-799A3F0EB866}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{3F2C7B26-3609-4FC9-A46F-443FF8274A3E}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{50ADECF3-79F1-4023-8141-D9DA8AA1BA52}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{5291794C-D721-41CC-B1D9-5F327A7B436C}" = protocol=17 | dir=in | app=c:\windows\temp\aoninstaller.exe |
"{6360C419-FD9E-4369-AB7A-99B38BBB01FE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{650690AE-294A-4C4D-B970-295A47B2A065}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{68D38B0B-0061-4E79-AA33-5F18EB9B3E64}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{8AF9B2C8-139E-480B-8687-105641CC5DE2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8FA39F01-A707-4EA4-B834-03350CD175A8}" = protocol=6 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe |
"{AFDF36BE-8705-416D-86C0-B95C35AC35A6}" = protocol=6 | dir=in | app=c:\windows\temp\aoninstaller.exe |
"{B17CDA41-71B2-4E25-86F7-D8AD96A8E32A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BD36B784-84D8-4B37-83BD-DF533C93BB03}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{BF0981BA-8F7A-4EBB-859B-1D707E1C2A75}" = protocol=17 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe |
"{C5A8F7E7-4ADC-46CB-8BE4-720FEE0CCA66}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"TCP Query User{3862643E-21DA-48EE-BC38-B58C0165EE33}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{BC8A3F64-1CDF-49D0-B684-6C5472E4C17C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{EAC02AF1-268B-43F7-8FF8-606909E2C5B8}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{F1D8D3FD-93D9-4721-B764-36DF2AF543BD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F2019650-B991-4CE2-BA1A-CC62E7B23490}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{8CD2496E-38AE-4740-9F9D-025FAA1E4901}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{929419B8-A337-4E14-9F6B-1B92D6065F86}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{C8B142B7-341C-4903-8FFB-FDBC1C285374}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{CE878EC1-4778-4E98-B7F4-FF9BD7BFD04B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{EA0CC628-AAFC-477E-A7A9-D5A9D3AAFCDB}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = aonController
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"aonController" = aonController
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"Avira AntiVir Desktop" = Avira Free Antivirus
"BearShare" = BearShare
"BearShare MediaBar" = BearShare MediaBar
"GamesBar" = GamesBar 1.1.0.5
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0 (x86 de)" = Mozilla Firefox 16.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NSS" = Norton Security Scan
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2009 04:33:35 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 23.06.2009 10:13:43 | Computer Name = Resi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 3.6.0.248, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000005, Fehleroffset 0x000430fd,  Prozess-ID 0xf48, Anwendungsstartzeit 01c9ec479eb1a304.
 
Error - 18.07.2009 02:39:17 | Computer Name = Resi-PC | Source = System Restore | ID = 8193
Description =
 
Error - 07.08.2009 01:19:30 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.08.2009 01:19:32 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.08.2009 01:27:08 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.08.2009 01:27:11 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.08.2009 01:27:12 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.08.2009 01:27:12 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 07.08.2009 01:27:13 | Computer Name = Resi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 08.10.2012 03:14:54 | Computer Name = Resi-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 08.10.2012 12:53:23 | Computer Name = Resi-PC | Source = HTTP | ID = 15016
Description =
 
Error - 08.10.2012 13:48:09 | Computer Name = Resi-PC | Source = DCOM | ID = 10010
Description =
 
Error - 09.10.2012 14:20:32 | Computer Name = Resi-PC | Source = HTTP | ID = 15016
Description =
 
Error - 10.10.2012 02:00:21 | Computer Name = Resi-PC | Source = HTTP | ID = 15016
Description =
 
Error - 10.10.2012 10:40:29 | Computer Name = Resi-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001B38653625 zugeteilt werden. Der
 folgende Fehler ist aufgetreten:  %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 10.10.2012 10:40:42 | Computer Name = Resi-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{6F37C51B-3077-406E-AE07-C8F9DDAE33D4} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 10.10.2012 12:09:17 | Computer Name = Resi-PC | Source = DCOM | ID = 10010
Description =
 
Error - 10.10.2012 13:17:01 | Computer Name = Resi-PC | Source = HTTP | ID = 15016
Description =
 
Error - 10.10.2012 16:58:29 | Computer Name = Resi-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


So, I hope I now have everything we need. Otherwise please write again and I'll try to find it. Unfortunately I'm not 100% familiar with this, but I'm doing my best.
Thanks for the help.
Anita

Now here is the GMER log file as well; I couldn't manage it again last night at 1 a.m. after it froze...
I caught up on it today...

GMER log file:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-11 22:01:55
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1200BEVS-22UST0 rev.01.01A01
Running: 4bslv4pd.exe; Driver: C:\Users\Resi\AppData\Local\Temp\kgldrpod.sys


---- System - GMER 1.0.15 ----

SSDT            88CA9196                                ZwCreateSection
SSDT            88CA91A0                                ZwRequestWaitReplyPort
SSDT            88CA919B                                ZwSetContextThread
SSDT            88CA91A5                                ZwSetSecurityObject
SSDT            88CA91AA                                ZwSystemDebugControl
SSDT            88CA9137                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!KeInsertQueue + 405        81CA09CC 4 Bytes  [96, 91, CA, 88]
.text          ntoskrnl.exe!KeInsertQueue + 729        81CA0CF0 4 Bytes  [A0, 91, CA, 88]
.text          ntoskrnl.exe!KeInsertQueue + 75D        81CA0D24 4 Bytes  [9B, 91, CA, 88]
.text          ntoskrnl.exe!KeInsertQueue + 7C1        81CA0D88 4 Bytes  [A5, 91, CA, 88]
.text          ntoskrnl.exe!KeInsertQueue + 809        81CA0DD0 4 Bytes  [AA, 91, CA, 88]
.text          ...                                     

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



Thanks!

cosinus 12.10.2012 10:22

Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please have Malwarebytes remove all findings so that they are kept in Malwarebytes' quarantine! Do NOT remove ANYTHING from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




anita_kitz 12.10.2012 23:29

Hello, I've now run Malwarebytes again and there were no more findings there either. Here is the log:
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.12.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Resi :: RESI-PC [Administrator]

Schutz: Aktiviert

12.10.2012 18:12:39
mbam-log-2012-10-12 (18-12-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 325586
Laufzeit: 2 Stunde(n), 15 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Do I need to do anything else now, or is it ready for use again?

Thanks and best regards
Anita

cosinus 13.10.2012 16:00

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all logs for every scan are listed under the "Logdateien" (log files) tab. Please post all that are visible there.


anita_kitz 13.10.2012 17:03

1st scan
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.10.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Resi :: RESI-PC [Administrator]

Schutz: Aktiviert

10.10.2012 22:24:25
mbam-log-2012-10-10 (22-24-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190885
Laufzeit: 15 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2nd scan
Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.11.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Resi :: RESI-PC [Administrator]

Schutz: Deaktiviert

11.10.2012 18:00:24
mbam-log-2012-10-11 (18-00-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190535
Laufzeit: 25 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I aborted the 3rd scan because I hadn't done an update yet.
After that I ran the 4th scan; that was the full one I posted yesterday.
Do you also need the protection logs?
Thanks

cosinus 13.10.2012 19:20


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click Starten (Start).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




anita_kitz 13.10.2012 23:17

Hello,
it took a long time, but here is the result:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4df390393c1ee34882327d2b90f7d423
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-13 09:46:23
# local_time=2012-10-13 11:46:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 966224 966224 0 0
# compatibility_mode=5892 16776574 100 100 970260 187687081 0 0
# compatibility_mode=8192 67108863 100 0 544 544 0 0
# scanned=174574
# found=0
# cleaned=0
# scan_time=10430

Thanks, and I hope I've got everything clean now. Or should I do anything else?
Best regards, Anita

cosinus 14.10.2012 16:43

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

anita_kitz 14.10.2012 17:18

Done, here is the file:
Code:

# AdwCleaner v2.005 - Datei am 14/10/2012 um 18:13:17 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Resi - RESI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Resi\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\searchplugins\MyStart Search.xml
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\ProgramData\GamesBar
Ordner Gefunden : C:\Users\Resi\AppData\Local\AskToolbar
Ordner Gefunden : C:\Users\Resi\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\extensions\toolbar@ask.com
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT

-\\ Mozilla Firefox v16.0 (de)

Profilname : default
Datei : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.apn_dbr", "ff_3.6.13");
Gefunden : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gefunden : user_pref("extensions.asktb.cbid", "^AGU");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.crumb", "2012.10.02+07.27.30-toolbar003iad-AT-Vmllbm5hLEF1c3RyaWE%3D");
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://{domainName}/web?q={query}&o={o}&l={l[...]
Gefunden : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^AT");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mystart.incredimail.com/home/?loc=ff_a[...]
Gefunden : user_pref("extensions.asktb.first-launch-url", "hxxp://redirect.avira.com/?operationtype=install&lng[...]
Gefunden : user_pref("extensions.asktb.first-restart-after-config-update", true);
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "aeb981d6-dadb-4c4c-ba3c-443354f0b292");
Gefunden : user_pref("extensions.asktb.hpr", "YES");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "first");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1350230514088");
Gefunden : user_pref("extensions.asktb.locale", "de_AT");
Gefunden : user_pref("extensions.asktb.localePref", true);
Gefunden : user_pref("extensions.asktb.location", "Vienna,Austria");
Gefunden : user_pref("extensions.asktb.nthp", "YES");
Gefunden : user_pref("extensions.asktb.nthp_prev", "1");
Gefunden : user_pref("extensions.asktb.nthp_stw", "1");
Gefunden : user_pref("extensions.asktb.o", "APN10263");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "4958F744-FF2A-49F0-B7A1-274B48DEF01B");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gefunden : user_pref("extensions.asktb.socialmini-first", true);
Gefunden : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gefunden : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gefunden : user_pref("extensions.asktb.socialmini-max-items", "30");
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.socialmini-speed", "5000");
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "02.10.2012 16:30:49");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.asktb.v", "3.15.5.100015");
Gefunden : user_pref("extensions.asktb.version", "5.15.5.26921");
Gefunden : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.5.100015,{972ce4c6-7e08-4474-a285-320819[...]
Gefunden : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10263&loc[...]

*************************

AdwCleaner[R1].txt - [10529 octets] - [14/10/2012 18:13:17]

########## EOF - C:\AdwCleaner[R1].txt - [10590 octets] ##########

Thanks for the reply and the help so far. Is it clean now?
Best regards, Anita

cosinus 14.10.2012 19:57

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

anita_kitz 14.10.2012 19:59

Sorry to ask again, but is it clean now, and can I hand it back to its owner? She is already in withdrawal because no e-mails have reached her since Wednesday... and she has been asking every day ;)
I will probably also have to give her a refresher on what she should not click on! And a donation is due as well!
Please give me a short reply, and thanks.

Looks like our posts just crossed; I'll carry on right away. Thanks.
Here is the result:
Code:

# AdwCleaner v2.005 - Datei am 14/10/2012 um 21:01:36 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Resi - RESI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Resi\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\searchplugins\MyStart Search.xml
Gelöscht mit Neustart : C:\Program Files\Ask.com
Ordner Gelöscht : C:\ProgramData\GamesBar
Ordner Gelöscht : C:\Users\Resi\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Resi\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10263&gct=hp&dc=EU&locale=de_AT --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0 (de)

Profilname : default
Datei : C:\Users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_3.6.13");
Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "^AGU");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.crumb", "2012.10.02+07.27.30-toolbar003iad-AT-Vmllbm5hLEF1c3RyaWE%3D");
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://{domainName}/web?q={query}&o={o}&l={l[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^AT");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://mystart.incredimail.com/home/?loc=ff_a[...]
Gelöscht : user_pref("extensions.asktb.first-launch-url", "hxxp://redirect.avira.com/?operationtype=install&lng[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "aeb981d6-dadb-4c4c-ba3c-443354f0b292");
Gelöscht : user_pref("extensions.asktb.hpr", "YES");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1350230514088");
Gelöscht : user_pref("extensions.asktb.locale", "de_AT");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Vienna,Austria");
Gelöscht : user_pref("extensions.asktb.nthp", "YES");
Gelöscht : user_pref("extensions.asktb.nthp_prev", "1");
Gelöscht : user_pref("extensions.asktb.nthp_stw", "1");
Gelöscht : user_pref("extensions.asktb.o", "APN10263");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "4958F744-FF2A-49F0-B7A1-274B48DEF01B");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "02.10.2012 16:30:49");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.5.100015");
Gelöscht : user_pref("extensions.asktb.version", "5.15.5.26921");
Gelöscht : user_pref("extensions.enabledAddons", "toolbar@ask.com:3.15.5.100015,{972ce4c6-7e08-4474-a285-320819[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10263&loc[...]

*************************

AdwCleaner[R1].txt - [10660 octets] - [14/10/2012 18:13:17]
AdwCleaner[S1].txt - [10100 octets] - [14/10/2012 21:01:36]

########## EOF - C:\AdwCleaner[S1].txt - [10161 octets] ##########


cosinus 14.10.2012 22:01

No, logically none of this goes that quickly over a forum; if it really has to be fast, then an on-site service is what's needed.

I have two questions before we continue (we are not finished yet!)

1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

anita_kitz 14.10.2012 22:30

Yes, of course it doesn't go that fast.
Regarding question 1: I don't notice anything that would suggest Windows isn't running as usual. Only Avira reports that the browser protection is deactivated.
And regarding question 2, I can't say much since it isn't my laptop. But there are no empty folders as far as I can see... I only tidied up the software a bit over the last few days; there wasn't much there, though. I only deleted the Acer gamezone, but I noticed that it is still in the Start menu...

cosinus 15.10.2012 13:25

Quote:

Only Avira reports that the browser protection is deactivated.
1. this protection is not really necessary, 2. you have to have this rubbish Ask toolbar in order to use it (!), and 3. Avira itself is already almost annoying nagware; imho it should be replaced with MSE or Avast

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


anita_kitz 15.10.2012 20:30

OK, I have now run the scan; here is the log file:
OTL Logfile:
Code:

OTL logfile created on: 15.10.2012 21:01:55 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Resi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1013,27 Mb Total Physical Memory | 288,41 Mb Available Physical Memory | 28,46% Memory free
2,23 Gb Paging File | 0,99 Gb Available in Paging File | 44,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 14,07 Gb Free Space | 27,51% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
 
Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.15 20:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.07.16 07:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007.05.22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.05.16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.07.08 16:25:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.07.08 16:25:14 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.07.08 16:24:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.07.08 16:24:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.07.05 21:39:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.07.05 21:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.07.05 21:36:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.07.05 21:24:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.07.05 21:23:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.05.22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007.05.10 14:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.05.10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.05.10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.05.10 14:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.05.10 14:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.05.10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007.04.25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007.04.25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
MOD - [2007.03.14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007.03.14 11:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007.02.07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.10.06 04:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.08.19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.06.18 12:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://search.aon.at
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{DC5057F0-7856-4C75-B88B-1F20FC846864}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.10 22:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.10 22:17:01 | 000,000,000 | ---D | M]
 
[2012.10.10 22:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.06 05:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.06 05:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 05:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 05:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 05:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000..\Run: [Acer Tour Reminder]  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.14.229.250 217.14.229.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F37C51B-3077-406E-AE07-C8F9DDAE33D4}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9DDC0C0-6696-4D20-AB9F-DF5915F59BD7}: DhcpNameServer = 217.14.229.250 217.14.229.251
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.13 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.13 20:42:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe
[2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- \Config.Msi
[2012.10.10 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 22:19:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.02 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.02 16:28:59 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.02 16:28:59 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.02 16:28:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.15 20:20:53 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.15 20:07:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 20:05:21 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.10.15 20:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 18:09:03 | 000,538,941 | ---- | M] () -- C:\Users\Resi\Desktop\adwcleaner.exe
[2012.10.13 20:42:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe
[2012.10.12 17:55:26 | 000,000,680 | ---- | M] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat
[2012.10.10 22:19:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 22:09:52 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.10 14:15:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.02 16:31:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 18:08:17 | 000,538,941 | ---- | C] () -- C:\Users\Resi\Desktop\adwcleaner.exe
[2012.10.10 22:19:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 22:09:52 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.02 16:31:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2009.08.07 09:34:38 | 000,000,680 | ---- | C] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat
[2009.07.12 20:02:47 | 000,005,632 | ---- | C] () -- C:\Users\Resi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.24 21:38:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.10.19 13:52:32 | 000,040,960 | ---- | C] () -- \junction.exe
[2007.07.28 05:10:13 | 000,333,203 | RHS- | C] () -- \bootmgr
[2007.07.28 05:10:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007.07.27 19:27:27 | 000,000,512 | ---- | C] () -- \MDR.iss
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2008.10.19 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy2
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009.06.13 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\IM
[2009.06.13 13:14:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\IncrediMail
[2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\m2backup
[2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\mquadr.at
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2008.10.19 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2009.05.29 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2007.07.27 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2007.11.30 12:36:49 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{D6B1976C-D59B-4881-8378-7F29FE0A2822}
[2007.11.30 12:35:12 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E16513F0-65F3-4AB4-86DD-35C7C409A265}
[2007.11.30 12:35:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E8A874E7-129E-4647-B8C1-46227F252D4F}
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2012.10.11 22:35:20 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010.05.20 21:49:40 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Anwendungsdaten
[2007.11.20 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Resi\AppData
[2012.10.10 14:26:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Contacts
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Cookies
[2012.10.14 18:08:27 | 000,000,000 | R--D | M] -- C:\Users\Resi\Desktop
[2012.10.11 22:01:55 | 000,000,000 | R--D | M] -- C:\Users\Resi\Documents
[2012.10.15 20:22:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Downloads
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Druckumgebung
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Eigene Dateien
[2010.11.24 16:59:22 | 000,000,000 | R--D | M] -- C:\Users\Resi\Favorites
[2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Links
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Lokale Einstellungen
[2008.05.22 20:17:57 | 000,000,000 | R--D | M] -- C:\Users\Resi\Music
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Netzwerkumgebung
[2012.04.17 09:38:00 | 000,000,000 | R--D | M] -- C:\Users\Resi\Pictures
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Recent
[2007.11.20 18:03:39 | 000,000,000 | R--D | M] -- C:\Users\Resi\Saved Games
[2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Searches
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\SendTo
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Startmenü
[2007.11.20 23:48:16 | 000,000,000 | R--D | M] -- C:\Users\Resi\Videos
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Vorlagen
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< OTL logfile created on: 15.10.2012 20:26:29 - Run 2 >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,530 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.01.03 23:09:04 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.01.03 23:09:08 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.06.18 10:39:53 | 000,000,974 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job
 
< OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Resi\Downloads >
 
< Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation >
 
< Internet Explorer (Version = 7.0.6001.18000) >
 
< Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy >
 
<  >
 
< 1013,27 Mb Total Physical Memory | 294,36 Mb Available Physical Memory | 29,05% Memory free >
 
< 2,23 Gb Paging File | 0,95 Gb Available in Paging File | 42,49% Paging File free >
 
< Paging file location(s): ?:\pagefile.sys [binary data] >
 
<  >
 
< %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files >
 
< Drive C: | 51,14 Gb Total Space | 14,07 Gb Free Space | 27,51% Space Free | Partition Type: NTFS >
 
< Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS >
 
<  >
 
< Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator. >
 
< Boot Mode: Normal | Scan Mode: All users | Quick Scan >
 
< Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days >
 
<  >
 
< ========== Processes (SafeList) ========== >
Invalid Switch: color]
 
<  >
 
< PRC - [2012.10.15 20:22:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe >
 
< PRC - [2012.10.06 04:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe >
 
< PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe >
 
< PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe >
 
< PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe >
 
< PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe >
 
< PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe >
 
< PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe >
 
< PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe >
 
< PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe >
 
< PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe >
 
< PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe >
 
< PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe >
 
< PRC - [2007.07.16 07:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe >
 
< PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe >
 
< PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe >
 
< PRC - [2007.05.22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe >
 
< PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe >
 
< PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe >
 
< PRC - [2007.05.16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe >
 
< PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe >
 
< PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe >
 
< PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe >
 
< PRC - [2007.04.25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe >
 
< PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe >
 
< PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe >
 
< PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe >
 
< PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe >
 
< PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe >
 
< PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe >
 
<  >
 
<  >
 
< ========== Modules (No Company Name) ========== >
Invalid Switch: color]
 
<  >
 
< MOD - [2012.10.06 04:14:14 | 002,294,240 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll >
 
< MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll >
 
< MOD - [2011.07.08 16:25:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll >
 
< MOD - [2011.07.08 16:25:14 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll >
 
< MOD - [2011.07.08 16:24:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll >
 
< MOD - [2011.07.08 16:24:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll >
 
< MOD - [2011.07.05 21:39:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll >
 
< MOD - [2011.07.05 21:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll >
 
< MOD - [2011.07.05 21:36:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll >
 
< MOD - [2011.07.05 21:24:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll >
 
< MOD - [2011.07.05 21:23:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll >
 
< MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll >
 
< MOD - [2007.05.22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll >
 
< MOD - [2007.05.10 14:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll >
 
< MOD - [2007.05.10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll >
 
< MOD - [2007.05.10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll >
 
< MOD - [2007.05.10 14:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll >
 
< MOD - [2007.05.10 14:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll >
 
< MOD - [2007.05.10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll >
 
< MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll >
 
< MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll >
 
< MOD - [2007.04.25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll >
 
< MOD - [2007.04.25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll >
 
< MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll >
 
< MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll >
 
< MOD - [2007.03.14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll >
 
< MOD - [2007.03.14 11:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll >
 
< MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll >
 
< MOD - [2007.02.07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll >
 
< MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll >
 
<  >
 
<  >
 
< ========== Services (SafeList) ========== >
Invalid Switch: color]
 
<  >
 
< SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) >
Invalid Switch: h ccCommon -- (CLTNetCnService)
 
< SRV - [2012.10.06 04:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) >
 
< SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) >
 
< SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) >
 
< SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) >
 
< SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) >
 
< SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) >
 
< SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) >
 
< SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) >
 
< SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) >
 
< SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) >
 
< SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) >
 
< SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) >
 
< SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) >
 
< SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) >
 
< SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) >
 
< SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) >
 
< SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) >
 
< SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) >
 
< SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) >
 
< SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) >
 
<  >
 
<  >
 
< ========== Driver Services (SafeList) ========== >
Invalid Switch: color]
 
<  >
 
< DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) >
 
< DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) >
 
< DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) >
 
< DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) >
 
< DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) >
 
< DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) >
 
< DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) >
 
< DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) >
 
< DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) >
 
< DRV - [2010.08.19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) >
 
< DRV - [2007.06.18 12:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) >
 
< DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) >
 
< DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) >
 
< DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) >
 
< DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) >
 
< DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) >
 
<  >
 
<  >
 
< ========== Standard Registry (SafeList) ========== >
Invalid Switch: color]
 
<  >
 
<  >
 
< ========== Internet Explorer ========== >
Invalid Switch: color]
 
<  >
 
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com >
Invalid Switch: de.intl.acer.yahoo.com
 
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm >
 
< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com >
Invalid Switch: de.intl.acer.yahoo.com
 
< IE - HKLM\..\SearchScopes,DefaultScope =  >
 
<  >
 
<  >
 
< IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =  >
 
< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
<  >
 
< IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =  >
 
< IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
<  >
 
< IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =  >
 
<  >
 
< IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =  >
 
<  >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://search.aon.at >
Invalid Switch: search.aon.at
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 >
Invalid Switch: search?p={searchTerms}&ei=utf-8&fr=b1ie7
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com >
Invalid Switch: www.google.com
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes,DefaultScope =  >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms} >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{DC5057F0-7856-4C75-B88B-1F20FC846864}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
< IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : >
 
<  >
 
<  >
 
< ========== FireFox ========== >
Invalid Switch: color]
 
<  >
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () >
Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
 
< FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) >
Invalid Switch: ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) >
Invalid Switch: GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
 
< FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) >
Invalid Switch: DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) >
Invalid Switch: JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) >
Invalid Switch: WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
< FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) >
Invalid Switch: Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
< FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
<  >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.10 22:09:45 | 000,000,000 | ---D | M] >
 
< FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.10 22:17:01 | 000,000,000 | ---D | M] >
 
<  >
 
< [2012.10.10 22:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions >
 
< [2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll >
 
< [2012.10.06 05:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml >
 
< [2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml >
 
< [2012.10.06 05:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml >
 
< [2012.10.06 05:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml >
 
< [2012.10.06 05:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml >
 
< [2012.10.06 05:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml >
 
<  >
 
< O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts >
 
< O1 - Hosts: 127.0.0.1      localhost >
 
< O1 - Hosts: ::1            localhost >
 
< O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) >
 
< O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) >
 
< O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll () >
 
< O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) >
 
< O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) >
 
< O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) >
 
< O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) >
 
< O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) >
 
< O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) >
 
< O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) >
 
< O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare) >
 
< O4 - HKLM..\Run: []  File not found >
 
< O4 - HKLM..\Run: [Acer Tour]  File not found >
 
< O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) >
 
< O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found >
 
< O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) >
 
< O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) >
 
< O4 - HKLM..\Run: [eRecoveryService]  File not found >
 
< O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) >
 
< O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) >
 
< O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.) >
 
< O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) >
 
< O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found >
 
< O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) >
 
< O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) >
 
< O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) >
 
< O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) >
 
< O4 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000..\Run: [Acer Tour Reminder]  File not found >
 
< O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) >
 
< O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) >
 
< O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) >
 
< O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) >
 
< O13 - gopher Prefix: missing >
 
< O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) >
Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
 
< O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2) >
Invalid Switch: jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
 
< O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) >
Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
 
< O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2) >
Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.14.229.250 217.14.229.251 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F37C51B-3077-406E-AE07-C8F9DDAE33D4}: DhcpNameServer = 10.0.0.138 >
 
< O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9DDC0C0-6696-4D20-AB9F-DF5915F59BD7}: DhcpNameServer = 217.14.229.250 217.14.229.251 >
 
< O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) >
 
< O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) >
 
< O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) >
 
< O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) >
Invalid Switch: xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
 
< O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer) >
 
< O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) >
 
< O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) >
 
< O24 - Desktop WallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg >
 
< O24 - Desktop BackupWallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg >
 
< O32 - HKLM CDRom: AutoRun - 1 >
 
< O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] >
 
< O34 - HKLM BootExecute: (autocheck autochk *) >
 
< O35 - HKLM\..comfile [open] -- "%1" %* >
 
< O35 - HKLM\..exefile [open] -- "%1" %* >
 
< O37 - HKLM\...com [@ = comfile] -- "%1" %* >
 
< O37 - HKLM\...exe [@ = exefile] -- "%1" %* >
 
< O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) >
 
< O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) >
 
<  >
 
< ========== Files/Folders - Created Within 30 Days ========== >
Invalid Switch: color]
 
<  >
 
< [2012.10.13 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET >
 
< [2012.10.13 20:42:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe >
 
< [2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi >
 
< [2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- \Config.Msi >
 
< [2012.10.10 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware >
 
< [2012.10.10 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes >
 
< [2012.10.10 22:19:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys >
 
< [2012.10.10 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware >
 
< [2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service >
 
< [2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla >
 
< [2012.10.02 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira >
 
< [2012.10.02 16:28:59 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys >
 
< [2012.10.02 16:28:59 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys >
 
< [2012.10.02 16:28:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys >
 
< [2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira >
 
< [2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira >
 
< [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] >
 
< [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] >
 
<  >
 
< ========== Files - Modified Within 30 Days ========== >
Invalid Switch: color]
 
<  >
 
< [2012.10.15 20:20:53 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job >
 
< [2012.10.15 20:07:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job >
 
< [2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.10.15 20:05:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 >
 
< [2012.10.15 20:05:21 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl >
 
< [2012.10.15 20:05:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat >
 
< [2012.10.14 18:09:03 | 000,538,941 | ---- | M] () -- C:\Users\Resi\Desktop\adwcleaner.exe >
 
< [2012.10.13 20:42:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe >
 
< [2012.10.12 17:55:26 | 000,000,680 | ---- | M] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat >
 
< [2012.10.10 22:19:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk >
 
< [2012.10.10 22:09:52 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk >
 
< [2012.10.10 14:15:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job >
 
< [2012.10.02 16:31:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk >
 
< [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys >
 
< [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys >
 
< [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] >
 
< [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] >
 
<  >
 
< ========== Files Created - No Company Name ========== >
Invalid Switch: color]
 
<  >
 
< [2012.10.14 18:08:17 | 000,538,941 | ---- | C] () -- C:\Users\Resi\Desktop\adwcleaner.exe >
 
< [2012.10.10 22:19:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk >
 
< [2012.10.10 22:09:52 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk >
 
< [2012.10.02 16:31:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk >
 
< [2009.08.07 09:34:38 | 000,000,680 | ---- | C] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat >
 
< [2009.07.12 20:02:47 | 000,005,632 | ---- | C] () -- C:\Users\Resi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >
 
< [2008.04.24 21:38:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat >
 
< [2007.10.19 13:52:32 | 000,040,960 | ---- | C] () -- \junction.exe >
 
< [2007.07.28 05:10:13 | 000,333,203 | RHS- | C] () -- \bootmgr >
 
< [2007.07.28 05:10:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK >
 
< [2007.07.27 19:27:27 | 000,000,512 | ---- | C] () -- \MDR.iss >
 
< [2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat >
 
< [2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys >
 
<  >
 
< ========== ZeroAccess Check ========== >
Invalid Switch: color]
 
<  >
 
< [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini >
 
<  >
 
< [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] >
 
<  >
 
< [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] >
 
<  >
 
< [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] >
 
< "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) >
 
< "ThreadingModel" = Apartment >
 
<  >
 
< [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] >
 
< "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) >
 
< "ThreadingModel" = Free >
 
<  >
 
< [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] >
 
< "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) >
 
< "ThreadingModel" = Both >
 
<  >
 
< ========== LOP Check ========== >
Invalid Switch: color]
 
<  >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente >
 
< [2008.10.19 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy2 >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites >
 
< [2009.06.13 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\IM >
 
< [2009.06.13 13:14:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\IncrediMail >
 
< [2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\m2backup >
 
< [2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\mquadr.at >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü >
 
< [2008.10.19 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP >
 
< [2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen >
 
< [2009.05.29 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch >
 
< [2007.07.27 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} >
 
< [2007.11.30 12:36:49 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{D6B1976C-D59B-4881-8378-7F29FE0A2822} >
 
< [2007.11.30 12:35:12 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E16513F0-65F3-4AB4-86DD-35C7C409A265} >
 
< [2007.11.30 12:35:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E8A874E7-129E-4647-B8C1-46227F252D4F} >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten >
 
< [2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies >
 
< [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop >
 
< [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents >
 
< [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien >
 
< [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites >
 
< [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen >
 
< [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung >
 
< [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent >
 
< [2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü >
 
< [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates >
 
< [2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos >
 
< [2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen >
 
< [2012.10.11 22:35:20 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop >
 
< [2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents >
 
< [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads >
 
< [2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites >
 
< [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music >
 
< [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures >
 
< [2010.05.20 21:49:40 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV >
 
< [2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Anwendungsdaten >
 
< [2007.11.20 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Resi\AppData >
 
< [2012.10.10 14:26:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Contacts >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Cookies >
 
< [2012.10.14 18:08:27 | 000,000,000 | R--D | M] -- C:\Users\Resi\Desktop >
 
< [2012.10.11 22:01:55 | 000,000,000 | R--D | M] -- C:\Users\Resi\Documents >
 
< [2012.10.15 20:22:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Downloads >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Druckumgebung >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Eigene Dateien >
 
< [2010.11.24 16:59:22 | 000,000,000 | R--D | M] -- C:\Users\Resi\Favorites >
 
< [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Links >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Lokale Einstellungen >
 
< [2008.05.22 20:17:57 | 000,000,000 | R--D | M] -- C:\Users\Resi\Music >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Netzwerkumgebung >
 
< [2012.04.17 09:38:00 | 000,000,000 | R--D | M] -- C:\Users\Resi\Pictures >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Recent >
 
< [2007.11.20 18:03:39 | 000,000,000 | R--D | M] -- C:\Users\Resi\Saved Games >
 
< [2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Searches >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\SendTo >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Startmenü >
 
< [2007.11.20 23:48:16 | 000,000,000 | R--D | M] -- C:\Users\Resi\Videos >
 
< [2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Vorlagen >
 
<  >
 
< ========== Purity Check ========== >
Invalid Switch: color]
 
<  >
 
<  >
 
<  >
 
< ========== Alternate Data Streams ========== >
Invalid Switch: color]
 
<  >
 
< @Alternate Data Stream - 668 bytes -> C:\Users\Resi\Documents\Samstagspost.eml:OECustomProperty >
 
< @Alternate Data Stream - 644 bytes -> C:\Users\Resi\Documents\KB.eml:OECustomProperty >
 
< @Alternate Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D >
 
< @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D >
 
< @Alternate Data Stream - 1009 bytes -> C:\Users\Resi\Documents\Neue Energien von Cecilia Sifontes und Lightflow .eml:OECustomProperty >
 
<  >
 
< < End of report >


--- --- ---
>


========== Alternate Data Streams ==========

@Alternate Data Stream - 668 bytes -> C:\Users\Resi\Documents\Samstagspost.eml:OECustomProperty
@Alternate Data Stream - 644 bytes -> C:\Users\Resi\Documents\KB.eml:OECustomProperty
@Alternate Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 1009 bytes -> C:\Users\Resi\Documents\Neue Energien von Cecilia Sifontes und Lightflow .eml:OECustomProperty

< End of report >
[/code]
What is the next step?

anita_kitz 15.10.2012 20:33

I deleted the 2nd entry.

cosinus 16.10.2012 15:11

You did the CustomScan wrong.
Please read my instructions properly and work more carefully when copying and pasting - only what is in the CODE box in the CustomScan instructions may be pasted into OTL when you have to create a CustomScan log!

anita_kitz 16.10.2012 21:18

OK, I tried it again. I copied the text and pasted it under custom scan/fixes. I selected scan all users and closed all programs. Then I clicked Quickscan. However, I no longer had to confirm with OK; it started scanning right away. Here is the log.
OTL Logfile:
Code:

OTL logfile created on: 16.10.2012 21:38:20 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Resi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1013,27 Mb Total Physical Memory | 317,31 Mb Available Physical Memory | 31,32% Memory free
2,23 Gb Paging File | 1,02 Gb Available in Paging File | 45,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,14 Gb Total Space | 13,50 Gb Free Space | 26,40% Space Free | Partition Type: NTFS
Drive D: | 50,89 Gb Total Space | 50,80 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
 
Computer Name: RESI-PC | User Name: Resi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.16 21:37:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Resi\Downloads\OTL.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.11.20 23:48:47 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Resi\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.07.16 07:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2007.07.06 05:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.24 13:38:22 | 000,206,952 | ---- | M] (CyberLink Corp.) -- C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe
PRC - [2007.05.22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.05.16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.04.25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.08 16:28:42 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.07.08 16:25:28 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011.07.08 16:25:14 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011.07.08 16:24:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.07.08 16:24:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.07.05 21:39:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.07.05 21:37:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.07.05 21:36:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.07.05 21:24:48 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.07.05 21:23:15 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.05.22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
MOD - [2007.05.10 14:05:42 | 000,003,584 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
MOD - [2007.05.10 14:05:40 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007.05.10 14:05:24 | 000,143,360 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007.05.10 14:05:24 | 000,010,752 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll
MOD - [2007.05.10 14:05:14 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007.05.10 14:05:08 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007.04.25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll
MOD - [2007.04.25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll
MOD - [2007.04.25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2007.04.25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2007.04.11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
MOD - [2007.04.11 15:07:46 | 000,077,824 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
MOD - [2007.03.14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll
MOD - [2007.03.14 11:00:08 | 000,135,168 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
MOD - [2007.02.13 06:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007.02.07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.10.15 22:05:46 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.05.22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.05.16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.10 14:05:36 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.13 06:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.08.19 08:32:06 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.06.18 12:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.03.09 08:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.01.30 07:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006.11.02 15:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://search.aon.at
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = hxxp://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{DC5057F0-7856-4C75-B88B-1F20FC846864}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.15 22:05:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.15 22:05:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.15 22:05:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.15 22:05:24 | 000,000,000 | ---D | M]
 
[2012.10.15 22:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.15 22:05:47 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.15 22:05:40 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.15 22:05:40 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.15 22:05:40 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.15 22:05:40 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.15 22:05:40 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.15 22:05:40 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000..\Run: [Acer Tour Reminder]  File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.14.229.250 217.14.229.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F37C51B-3077-406E-AE07-C8F9DDAE33D4}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9DDC0C0-6696-4D20-AB9F-DF5915F59BD7}: DhcpNameServer = 217.14.229.250 217.14.229.251
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Resi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.15 22:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.13 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.13 20:42:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe
[2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.11 22:39:22 | 000,000,000 | -HSD | C] -- \Config.Msi
[2012.10.10 22:19:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.10 22:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.10 22:19:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.10 22:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.10 22:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.02 16:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.02 16:28:59 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.02 16:28:59 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.02 16:28:59 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.02 16:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.16 21:27:54 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.16 21:06:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.16 21:03:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 21:03:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.16 21:03:13 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.10.16 21:03:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.14 18:09:03 | 000,538,941 | ---- | M] () -- C:\Users\Resi\Desktop\adwcleaner.exe
[2012.10.13 20:42:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Resi\Desktop\esetsmartinstaller_enu.exe
[2012.10.12 17:55:26 | 000,000,680 | ---- | M] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat
[2012.10.10 22:19:39 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 22:09:52 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.10 14:15:01 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.10.02 16:31:12 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 18:08:17 | 000,538,941 | ---- | C] () -- C:\Users\Resi\Desktop\adwcleaner.exe
[2012.10.10 22:19:39 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.10 22:09:52 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.02 16:31:11 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2009.08.07 09:34:38 | 000,000,680 | ---- | C] () -- C:\Users\Resi\AppData\Local\d3d9caps.dat
[2009.07.12 20:02:47 | 000,005,632 | ---- | C] () -- C:\Users\Resi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.24 21:38:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.10.19 13:52:32 | 000,040,960 | ---- | C] () -- \junction.exe
[2007.07.28 05:10:13 | 000,333,203 | RHS- | C] () -- \bootmgr
[2007.07.28 05:10:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2007.07.27 19:27:27 | 000,000,512 | ---- | C] () -- \MDR.iss
[2006.11.02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006.11.02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 09:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2008.10.19 18:51:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\FarmFrenzy2
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2009.06.13 13:15:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\IM
[2009.06.13 13:14:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\IncrediMail
[2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\m2backup
[2007.11.30 12:36:56 | 000,000,000 | ---D | M] -- C:\Users\All Users\mquadr.at
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2008.10.19 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP
[2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2009.05.29 21:59:33 | 000,000,000 | ---D | M] -- C:\Users\All Users\WindowsSearch
[2007.07.27 19:45:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2007.11.30 12:36:49 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{D6B1976C-D59B-4881-8378-7F29FE0A2822}
[2007.11.30 12:35:12 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E16513F0-65F3-4AB4-86DD-35C7C409A265}
[2007.11.30 12:35:26 | 000,000,000 | -H-D | M] -- C:\Users\All Users\{E8A874E7-129E-4647-B8C1-46227F252D4F}
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2006.11.02 13:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2006.11.02 12:23:35 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2006.11.02 12:23:35 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2007.11.20 23:43:08 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2012.10.11 22:35:20 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2007.11.20 23:43:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2006.11.02 12:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2010.05.20 21:49:40 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2006.11.02 14:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Anwendungsdaten
[2007.11.20 23:47:40 | 000,000,000 | -H-D | M] -- C:\Users\Resi\AppData
[2012.10.10 14:26:43 | 000,000,000 | R--D | M] -- C:\Users\Resi\Contacts
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Cookies
[2012.10.14 18:08:27 | 000,000,000 | R--D | M] -- C:\Users\Resi\Desktop
[2012.10.11 22:01:55 | 000,000,000 | R--D | M] -- C:\Users\Resi\Documents
[2012.10.16 21:37:10 | 000,000,000 | R--D | M] -- C:\Users\Resi\Downloads
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Druckumgebung
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Eigene Dateien
[2010.11.24 16:59:22 | 000,000,000 | R--D | M] -- C:\Users\Resi\Favorites
[2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Links
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Lokale Einstellungen
[2008.05.22 20:17:57 | 000,000,000 | R--D | M] -- C:\Users\Resi\Music
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Netzwerkumgebung
[2012.04.17 09:38:00 | 000,000,000 | R--D | M] -- C:\Users\Resi\Pictures
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Recent
[2007.11.20 18:03:39 | 000,000,000 | R--D | M] -- C:\Users\Resi\Saved Games
[2007.12.03 17:44:18 | 000,000,000 | R--D | M] -- C:\Users\Resi\Searches
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\SendTo
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Startmenü
[2007.11.20 23:48:16 | 000,000,000 | R--D | M] -- C:\Users\Resi\Videos
[2007.11.20 23:47:37 | 000,000,000 | -HSD | M] -- C:\Users\Resi\Vorlagen
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.04.24 18:16:22 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Adobe
[2012.10.02 16:37:25 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Avira
[2007.11.30 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\BearShare
[2007.11.20 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\CyberLink
[2008.04.24 22:01:14 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Google
[2007.11.20 23:48:07 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Identities
[2010.02.11 22:28:55 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Kodak
[2007.11.20 23:47:40 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Macromedia
[2012.10.10 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Media Center Programs
[2010.11.30 20:01:03 | 000,000,000 | --SD | M] -- C:\Users\Resi\AppData\Roaming\Microsoft
[2009.03.12 20:02:37 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Mozilla
[2007.11.30 12:37:05 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\mquadr.at
[2011.08.12 08:51:07 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Skype
[2011.08.12 08:40:28 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\skypePM
[2008.02.07 18:30:35 | 000,000,000 | ---D | M] -- C:\Users\Resi\AppData\Roaming\Sun
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2005.08.16 08:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.13 22:15:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.13 22:15:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.13 22:14:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: ENETHOOK.DLL  >
[2007.05.22 15:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2007.05.22 15:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Windows\System32\eNetHook.dll
 
< MD5 for: IASTOR.SYS  >
[2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\drivers\iaStor.sys
[2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c5f2dca\iaStor.sys
[2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4b499ec9\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.07.27 18:41:18 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.07.27 18:41:18 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.07.28 02:32:39 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.07.28 02:32:37 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.07.28 02:32:39 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.07.28 02:32:49 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.07.28 02:32:51 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 668 bytes -> C:\Users\Resi\Documents\Samstagspost.eml:OECustomProperty
@Alternate Data Stream - 644 bytes -> C:\Users\Resi\Documents\KB.eml:OECustomProperty
@Alternate Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 1009 bytes -> C:\Users\Resi\Documents\Neue Energien von Cecilia Sifontes und Lightflow .eml:OECustomProperty

< End of report >

--- --- ---

I hope it is right now. Otherwise I don't know what I could do differently.
Thanks

cosinus 17.10.2012 14:04

Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://search.aon.at
IE - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/webResults.html?src=ieb&q={searchTerms}
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1717004477-1848714301-563922846-1000\..\Toolbar\WebBrowser: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O3 - HKLM\..\Toolbar: (BearShare MediaBar) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (BearShare)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Tour]  File not found
@Alternate Data Stream - 126 bytes -> C:\Users\All Users\TEMP:E1F04E8D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E1F04E8D
:Files
C:\Programme\BearShare Applications\BearShare MediaBar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, to be safe, not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, because it can cause lasting damage to the system!

anita_kitz 17.10.2012 15:58

Hello cosinus.
I've done that now. This is the log:
Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1717004477-1848714301-563922846-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry value HKEY_USERS\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ deleted successfully.
C:\Windows\System32\eDStoolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1717004477-1848714301-563922846-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ deleted successfully.
C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}\ not found.
File C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
ADS C:\Users\All Users\TEMP:E1F04E8D deleted successfully.
Unable to delete ADS C:\ProgramData\TEMP:E1F04E8D .
========== FILES ==========
C:\Programme\BearShare Applications\BearShare MediaBar folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Resi\Downloads\cmd.bat deleted successfully.
C:\Users\Resi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Resi
->Temp folder emptied: 7212010 bytes
->Temporary Internet Files folder emptied: 1072221111 bytes
->Java cache emptied: 132814 bytes
->FireFox cache emptied: 49190314 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 141848 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 418984637 bytes
RecycleBin emptied: 97017613 bytes
 
Total Files Cleaned = 1.569,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10172012_163056

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

What's next?
Thanks, Anita

cosinus 17.10.2012 16:16

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.

If you can't find the log or copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

anita_kitz 17.10.2012 16:38

Here is the log:
Code:

17:31:13.0204 5716  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:31:13.0641 5716  ============================================================
17:31:13.0641 5716  Current date / time: 2012/10/17 17:31:13.0641
17:31:13.0641 5716  SystemInfo:
17:31:13.0641 5716 
17:31:13.0641 5716  OS Version: 6.0.6001 ServicePack: 1.0
17:31:13.0641 5716  Product type: Workstation
17:31:13.0641 5716  ComputerName: RESI-PC
17:31:13.0641 5716  UserName: Resi
17:31:13.0641 5716  Windows directory: C:\Windows
17:31:13.0641 5716  System windows directory: C:\Windows
17:31:13.0641 5716  Processor architecture: Intel x86
17:31:13.0641 5716  Number of processors: 1
17:31:13.0641 5716  Page size: 0x1000
17:31:13.0641 5716  Boot type: Normal boot
17:31:13.0641 5716  ============================================================
17:31:15.0810 5716  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:31:15.0810 5716  ============================================================
17:31:15.0810 5716  \Device\Harddisk0\DR0:
17:31:15.0810 5716  MBR partitions:
17:31:15.0810 5716  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x6649800
17:31:15.0810 5716  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x79CE800, BlocksNum 0x65C5800
17:31:15.0810 5716  ============================================================
17:31:15.0903 5716  C: <-> \Device\Harddisk0\DR0\Partition1
17:31:15.0966 5716  D: <-> \Device\Harddisk0\DR0\Partition2
17:31:15.0966 5716  ============================================================
17:31:15.0966 5716  Initialize success
17:31:15.0966 5716  ============================================================
17:33:06.0195 6072  ============================================================
17:33:06.0195 6072  Scan started
17:33:06.0195 6072  Mode: Manual; SigCheck; TDLFS;
17:33:06.0195 6072  ============================================================
17:33:07.0365 6072  ================ Scan system memory ========================
17:33:07.0365 6072  System memory - ok
17:33:07.0365 6072  ================ Scan services =============================
17:33:07.0646 6072  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:33:07.0880 6072  ACPI - ok
17:33:07.0974 6072  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
17:33:08.0036 6072  adp94xx - ok
17:33:08.0083 6072  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
17:33:08.0114 6072  adpahci - ok
17:33:08.0161 6072  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:33:08.0192 6072  adpu160m - ok
17:33:08.0239 6072  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
17:33:08.0270 6072  adpu320 - ok
17:33:08.0332 6072  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
17:33:08.0754 6072  AeLookupSvc - ok
17:33:08.0832 6072  [ 48EB99503533C27AC6135648E5474457 ] AFD            C:\Windows\system32\drivers\afd.sys
17:33:08.0910 6072  AFD - ok
17:33:08.0972 6072  [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
17:33:09.0050 6072  AgereModemAudio - ok
17:33:09.0128 6072  [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
17:33:09.0362 6072  AgereSoftModem - ok
17:33:09.0440 6072  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:33:09.0456 6072  agp440 - ok
17:33:09.0502 6072  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
17:33:09.0518 6072  aic78xx - ok
17:33:09.0643 6072  [ 3845B6555DE995F6C0C07AE2ABCC0532 ] ALaunchService  C:\Acer\ALaunch\ALaunchSvc.exe
17:33:09.0658 6072  ALaunchService ( UnsignedFile.Multi.Generic ) - warning
17:33:09.0658 6072  ALaunchService - detected UnsignedFile.Multi.Generic (1)
17:33:09.0705 6072  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
17:33:09.0892 6072  ALG - ok
17:33:09.0924 6072  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:33:09.0955 6072  aliide - ok
17:33:09.0986 6072  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:33:10.0002 6072  amdagp - ok
17:33:10.0064 6072  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
17:33:10.0080 6072  amdide - ok
17:33:10.0126 6072  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
17:33:10.0376 6072  AmdK7 - ok
17:33:10.0423 6072  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
17:33:10.0532 6072  AmdK8 - ok
17:33:10.0688 6072  [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:33:10.0735 6072  AntiVirSchedulerService - ok
17:33:10.0813 6072  [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:33:10.0828 6072  AntiVirService - ok
17:33:10.0922 6072  [ 596FE09BAE862BF29220FC94075ED1CE ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
17:33:10.0969 6072  AntiVirWebService - ok
17:33:11.0062 6072  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
17:33:11.0172 6072  Appinfo - ok
17:33:11.0218 6072  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
17:33:11.0234 6072  arc - ok
17:33:11.0281 6072  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:33:11.0296 6072  arcsas - ok
17:33:11.0359 6072  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:33:11.0468 6072  AsyncMac - ok
17:33:11.0530 6072  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi          C:\Windows\system32\drivers\atapi.sys
17:33:11.0546 6072  atapi - ok
17:33:11.0640 6072  [ B0C272DEF210B149C0BFA0D85600CE4B ] athr            C:\Windows\system32\DRIVERS\athr.sys
17:33:11.0749 6072  athr - ok
17:33:11.0827 6072  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:33:11.0920 6072  AudioEndpointBuilder - ok
17:33:11.0983 6072  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:33:12.0045 6072  Audiosrv - ok
17:33:12.0108 6072  [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:33:12.0310 6072  avgntflt - ok
17:33:12.0404 6072  [ C499333D8915597FE415F0058EFFD7D2 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:33:12.0435 6072  avipbb - ok
17:33:12.0482 6072  [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:33:12.0498 6072  avkmgr - ok
17:33:12.0544 6072  [ C7EA0E3E37FF1CD2BB65636448322572 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:33:12.0638 6072  b57nd60x - ok
17:33:12.0763 6072  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:33:12.0825 6072  Beep - ok
17:33:12.0919 6072  [ 8582E233C346AEFE759833E8A30DD697 ] BFE            C:\Windows\System32\bfe.dll
17:33:13.0012 6072  BFE - ok
17:33:13.0090 6072  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\System32\qmgr.dll
17:33:13.0246 6072  BITS - ok
17:33:13.0262 6072  blbdrive - ok
17:33:13.0324 6072  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:33:13.0387 6072  bowser - ok
17:33:13.0465 6072  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:33:13.0527 6072  BrFiltLo - ok
17:33:13.0558 6072  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:33:13.0636 6072  BrFiltUp - ok
17:33:13.0683 6072  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
17:33:13.0761 6072  Browser - ok
17:33:13.0839 6072  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
17:33:14.0120 6072  Brserid - ok
17:33:14.0182 6072  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:33:14.0276 6072  BrSerWdm - ok
17:33:14.0323 6072  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:33:14.0416 6072  BrUsbMdm - ok
17:33:14.0448 6072  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:33:14.0526 6072  BrUsbSer - ok
17:33:14.0557 6072  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:33:14.0650 6072  BTHMODEM - ok
17:33:14.0713 6072  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:33:14.0775 6072  cdfs - ok
17:33:14.0838 6072  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
17:33:14.0931 6072  cdrom - ok
17:33:14.0978 6072  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc    C:\Windows\System32\certprop.dll
17:33:15.0040 6072  CertPropSvc - ok
17:33:15.0087 6072  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:33:15.0181 6072  circlass - ok
17:33:15.0259 6072  [ 465745561C832B29F7C48B488AAB3842 ] CLFS            C:\Windows\system32\CLFS.sys
17:33:15.0290 6072  CLFS - ok
17:33:15.0384 6072  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:33:15.0399 6072  clr_optimization_v2.0.50727_32 - ok
17:33:15.0524 6072  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:33:15.0555 6072  clr_optimization_v4.0.30319_32 - ok
17:33:15.0633 6072  CLTNetCnService - ok
17:33:15.0711 6072  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:33:15.0774 6072  CmBatt - ok
17:33:15.0820 6072  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:33:15.0836 6072  cmdide - ok
17:33:15.0867 6072  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:33:15.0883 6072  Compbatt - ok
17:33:15.0914 6072  COMSysApp - ok
17:33:15.0930 6072  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
17:33:15.0961 6072  crcdisk - ok
17:33:15.0992 6072  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:33:16.0101 6072  Crusoe - ok
17:33:16.0195 6072  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:33:16.0273 6072  CryptSvc - ok
17:33:16.0366 6072  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:33:16.0522 6072  DcomLaunch - ok
17:33:16.0616 6072  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:33:16.0663 6072  DfsC - ok
17:33:16.0819 6072  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
17:33:17.0037 6072  DFSR - ok
17:33:17.0115 6072  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:33:17.0193 6072  Dhcp - ok
17:33:17.0256 6072  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
17:33:17.0271 6072  disk - ok
17:33:17.0334 6072  [ 73BAF270D24FE726B9CD7F80BB17A23D ] DKbFltr        C:\Windows\system32\DRIVERS\DKbFltr.sys
17:33:17.0349 6072  DKbFltr - ok
17:33:17.0412 6072  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:33:17.0505 6072  Dnscache - ok
17:33:17.0568 6072  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc        C:\Windows\System32\dot3svc.dll
17:33:17.0630 6072  dot3svc - ok
17:33:17.0724 6072  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
17:33:17.0770 6072  DPS - ok
17:33:17.0817 6072  [ 5C918D413F5837E67A85775C9873775E ] DritekPortIO    C:\PROGRA~1\LAUNCH~1\DPortIO.sys
17:33:17.0833 6072  DritekPortIO - ok
17:33:17.0895 6072  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
17:33:17.0958 6072  drmkaud - ok
17:33:18.0020 6072  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
17:33:18.0223 6072  DXGKrnl - ok
17:33:18.0285 6072  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
17:33:18.0472 6072  E1G60 - ok
17:33:18.0597 6072  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
17:33:18.0660 6072  EapHost - ok
17:33:18.0738 6072  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:33:18.0769 6072  Ecache - ok
17:33:18.0878 6072  [ F54907AA07F60AFF81E1E09E97AF98B0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
17:33:18.0925 6072  eDataSecurity Service - ok
17:33:19.0128 6072  [ 089296AEDB9B72B4916AC959752BDC89 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:33:19.0268 6072  eeCtrl - ok
17:33:19.0424 6072  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
17:33:19.0486 6072  ehRecvr - ok
17:33:19.0549 6072  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
17:33:19.0627 6072  ehSched - ok
17:33:19.0658 6072  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
17:33:19.0705 6072  ehstart - ok
17:33:19.0798 6072  [ FB5383BFD4DEC6792AAEF76C9343ECFF ] eLockService    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
17:33:19.0830 6072  eLockService ( UnsignedFile.Multi.Generic ) - warning
17:33:19.0830 6072  eLockService - detected UnsignedFile.Multi.Generic (1)
17:33:19.0892 6072  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
17:33:19.0923 6072  elxstor - ok
17:33:20.0001 6072  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
17:33:20.0126 6072  EMDMgmt - ok
17:33:20.0173 6072  [ 9316C26F089CF2CEA2BD1496AC9F38A4 ] eNet Service    C:\Acer\Empowering Technology\eNet\eNet Service.exe
17:33:20.0204 6072  eNet Service ( UnsignedFile.Multi.Generic ) - warning
17:33:20.0204 6072  eNet Service - detected UnsignedFile.Multi.Generic (1)
17:33:20.0251 6072  [ 3D184410EF5EE017E186AC96181B3FF8 ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
17:33:20.0282 6072  eRecoveryService ( UnsignedFile.Multi.Generic ) - warning
17:33:20.0282 6072  eRecoveryService - detected UnsignedFile.Multi.Generic (1)
17:33:20.0360 6072  [ CF2584CDF90DA24D3044021AAAD5DBAB ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
17:33:20.0391 6072  eSettingsService ( UnsignedFile.Multi.Generic ) - warning
17:33:20.0391 6072  eSettingsService - detected UnsignedFile.Multi.Generic (1)
17:33:20.0469 6072  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem    C:\Windows\system32\es.dll
17:33:20.0532 6072  EventSystem - ok
17:33:20.0594 6072  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat          C:\Windows\system32\drivers\exfat.sys
17:33:20.0672 6072  exfat - ok
17:33:20.0750 6072  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat        C:\Windows\system32\drivers\fastfat.sys
17:33:20.0828 6072  fastfat - ok
17:33:20.0890 6072  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
17:33:20.0984 6072  fdc - ok
17:33:21.0031 6072  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
17:33:21.0109 6072  fdPHost - ok
17:33:21.0156 6072  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:33:21.0265 6072  FDResPub - ok
17:33:21.0312 6072  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:33:21.0327 6072  FileInfo - ok
17:33:21.0374 6072  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
17:33:21.0436 6072  Filetrace - ok
17:33:21.0483 6072  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:33:21.0608 6072  flpydisk - ok
17:33:21.0717 6072  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:33:21.0748 6072  FltMgr - ok
17:33:21.0826 6072  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:33:21.0858 6072  FontCache3.0.0.0 - ok
17:33:21.0904 6072  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:33:21.0951 6072  Fs_Rec - ok
17:33:21.0982 6072  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:33:21.0998 6072  gagp30kx - ok
17:33:22.0076 6072  [ D9F1113D9401185245573350712F92FC ] gpsvc          C:\Windows\System32\gpsvc.dll
17:33:22.0232 6072  gpsvc - ok
17:33:22.0341 6072  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
17:33:22.0372 6072  gupdate - ok
17:33:22.0404 6072  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:33:22.0435 6072  gupdatem - ok
17:33:22.0482 6072  [ 408DDD80EEDE47175F6844817B90213E ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:33:22.0497 6072  gusvc - ok
17:33:22.0560 6072  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:33:22.0669 6072  HdAudAddService - ok
17:33:22.0731 6072  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:33:22.0794 6072  HDAudBus - ok
17:33:22.0840 6072  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:33:22.0950 6072  HidBth - ok
17:33:22.0981 6072  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
17:33:23.0090 6072  HidIr - ok
17:33:23.0137 6072  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv        C:\Windows\system32\hidserv.dll
17:33:23.0246 6072  hidserv - ok
17:33:23.0308 6072  [ 854CA287AB7FAF949617A788306D967E ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:33:23.0371 6072  HidUsb - ok
17:33:23.0418 6072  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:33:23.0480 6072  hkmsvc - ok
17:33:23.0542 6072  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
17:33:23.0574 6072  HpCISSs - ok
17:33:23.0620 6072  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
17:33:23.0683 6072  HSFHWAZL - ok
17:33:23.0745 6072  [ 3F53B4AF98F8FD83B7F0B8B65D2D90A7 ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:33:23.0901 6072  HSF_DPV - ok
17:33:23.0932 6072  [ 194BC52FC0F53E540FAF9DE8A9C05255 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:33:23.0979 6072  HSXHWAZL - ok
17:33:24.0042 6072  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:33:24.0135 6072  HTTP - ok
17:33:24.0166 6072  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
17:33:24.0182 6072  i2omp - ok
17:33:24.0322 6072  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:33:24.0478 6072  i8042prt - ok
17:33:24.0541 6072  [ 16EC9C934AE82B45BEB0CFF9C4277EE8 ] iaStor          C:\Windows\system32\drivers\iastor.sys
17:33:24.0588 6072  iaStor ( UnsignedFile.Multi.Generic ) - warning
17:33:24.0588 6072  iaStor - detected UnsignedFile.Multi.Generic (1)
17:33:24.0681 6072  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
17:33:24.0775 6072  iaStorV - ok
17:33:24.0853 6072  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:33:24.0962 6072  idsvc - ok
17:33:25.0118 6072  [ C134E69CE901422D1F2D7EA8D69098FE ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
17:33:25.0321 6072  igfx - ok
17:33:25.0352 6072  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
17:33:25.0383 6072  iirsp - ok
17:33:25.0446 6072  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
17:33:25.0602 6072  IKEEXT - ok
17:33:25.0664 6072  [ 9D64201C9E5AC8D1F088762BA00FF3AB ] int15          C:\Acer\Empowering Technology\eRecovery\int15.sys
17:33:25.0695 6072  int15 - ok
17:33:25.0836 6072  [ 90A10B39896040B3154613C11C932AEB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:33:26.0116 6072  IntcAzAudAddService - ok
17:33:26.0179 6072  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:33:26.0194 6072  intelide - ok
17:33:26.0257 6072  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:33:26.0304 6072  intelppm - ok
17:33:26.0366 6072  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
17:33:26.0428 6072  IPBusEnum - ok
17:33:26.0491 6072  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:33:26.0553 6072  IpFilterDriver - ok
17:33:26.0616 6072  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:33:26.0694 6072  iphlpsvc - ok
17:33:26.0709 6072  IpInIp - ok
17:33:26.0756 6072  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
17:33:26.0881 6072  IPMIDRV - ok
17:33:27.0006 6072  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
17:33:27.0068 6072  IPNAT - ok
17:33:27.0130 6072  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:33:27.0193 6072  IRENUM - ok
17:33:27.0240 6072  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:33:27.0255 6072  isapnp - ok
17:33:27.0349 6072  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:33:27.0364 6072  iScsiPrt - ok
17:33:27.0396 6072  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:33:27.0427 6072  iteatapi - ok
17:33:27.0458 6072  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
17:33:27.0474 6072  iteraid - ok
17:33:27.0536 6072  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:33:27.0567 6072  kbdclass - ok
17:33:27.0598 6072  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:33:27.0692 6072  kbdhid - ok
17:33:27.0739 6072  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
17:33:27.0832 6072  KeyIso - ok
17:33:27.0895 6072  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:33:27.0942 6072  KSecDD - ok
17:33:28.0004 6072  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
17:33:28.0160 6072  KtmRm - ok
17:33:28.0222 6072  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:33:28.0285 6072  LanmanServer - ok
17:33:28.0347 6072  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:33:28.0425 6072  LanmanWorkstation - ok
17:33:28.0488 6072  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:33:28.0519 6072  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:33:28.0519 6072  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:33:28.0566 6072  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:33:28.0628 6072  lltdio - ok
17:33:28.0690 6072  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
17:33:28.0768 6072  lltdsvc - ok
17:33:28.0831 6072  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
17:33:28.0924 6072  lmhosts - ok
17:33:29.0002 6072  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:33:29.0018 6072  LSI_FC - ok
17:33:29.0049 6072  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
17:33:29.0080 6072  LSI_SAS - ok
17:33:29.0112 6072  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:33:29.0143 6072  LSI_SCSI - ok
17:33:29.0190 6072  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
17:33:29.0283 6072  luafv - ok
17:33:29.0346 6072  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
17:33:29.0377 6072  MBAMProtector - ok
17:33:29.0533 6072  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:33:29.0626 6072  MBAMScheduler - ok
17:33:29.0798 6072  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:33:29.0970 6072  MBAMService - ok
17:33:30.0032 6072  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
17:33:30.0126 6072  Mcx2Svc - ok
17:33:30.0204 6072  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:33:30.0266 6072  mdmxsdk - ok
17:33:30.0313 6072  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
17:33:30.0328 6072  megasas - ok
17:33:30.0375 6072  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
17:33:30.0438 6072  MMCSS - ok
17:33:30.0484 6072  MobilityService - ok
17:33:30.0531 6072  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
17:33:30.0578 6072  Modem - ok
17:33:30.0609 6072  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
17:33:30.0672 6072  monitor - ok
17:33:30.0718 6072  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:33:30.0734 6072  mouclass - ok
17:33:30.0796 6072  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:33:30.0874 6072  mouhid - ok
17:33:30.0921 6072  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:33:30.0937 6072  MountMgr - ok
17:33:31.0062 6072  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:33:31.0077 6072  MozillaMaintenance - ok
17:33:31.0155 6072  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:33:31.0171 6072  mpio - ok
17:33:31.0249 6072  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:33:31.0280 6072  mpsdrv - ok
17:33:31.0358 6072  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:33:31.0467 6072  MpsSvc - ok
17:33:31.0514 6072  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:33:31.0530 6072  Mraid35x - ok
17:33:31.0592 6072  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:33:31.0654 6072  MRxDAV - ok
17:33:31.0717 6072  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:33:31.0795 6072  mrxsmb - ok
17:33:31.0826 6072  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:33:31.0888 6072  mrxsmb10 - ok
17:33:31.0920 6072  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:33:31.0966 6072  mrxsmb20 - ok
17:33:32.0029 6072  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
17:33:32.0060 6072  msahci - ok
17:33:32.0091 6072  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
17:33:32.0122 6072  msdsm - ok
17:33:32.0185 6072  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
17:33:32.0247 6072  MSDTC - ok
17:33:32.0325 6072  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:33:32.0388 6072  Msfs - ok
17:33:32.0466 6072  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:33:32.0481 6072  msisadrv - ok
17:33:32.0544 6072  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
17:33:32.0606 6072  MSiSCSI - ok
17:33:32.0637 6072  msiserver - ok
17:33:32.0700 6072  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
17:33:32.0746 6072  MSKSSRV - ok
17:33:32.0809 6072  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:33:32.0856 6072  MSPCLOCK - ok
17:33:32.0934 6072  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
17:33:33.0012 6072  MSPQM - ok
17:33:33.0058 6072  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
17:33:33.0090 6072  MsRPC - ok
17:33:33.0136 6072  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:33:33.0152 6072  mssmbios - ok
17:33:33.0199 6072  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
17:33:33.0261 6072  MSTEE - ok
17:33:33.0292 6072  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup            C:\Windows\system32\Drivers\mup.sys
17:33:33.0324 6072  Mup - ok
17:33:33.0386 6072  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
17:33:33.0464 6072  napagent - ok
17:33:33.0542 6072  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
17:33:33.0604 6072  NativeWifiP - ok
17:33:33.0667 6072  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:33:33.0760 6072  NDIS - ok
17:33:33.0885 6072  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:33:33.0979 6072  NdisTapi - ok
17:33:34.0041 6072  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
17:33:34.0119 6072  Ndisuio - ok
17:33:34.0182 6072  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
17:33:34.0260 6072  NdisWan - ok
17:33:34.0306 6072  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
17:33:34.0369 6072  NDProxy - ok
17:33:34.0416 6072  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
17:33:34.0478 6072  NetBIOS - ok
17:33:34.0556 6072  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
17:33:34.0634 6072  netbt - ok
17:33:34.0665 6072  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
17:33:34.0696 6072  Netlogon - ok
17:33:34.0759 6072  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:33:34.0852 6072  Netman - ok
17:33:34.0993 6072  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:33:35.0118 6072  netprofm - ok
17:33:35.0180 6072  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:33:35.0211 6072  NetTcpPortSharing - ok
17:33:35.0320 6072  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
17:33:35.0383 6072  nfrd960 - ok
17:33:35.0414 6072  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:33:35.0523 6072  NlaSvc - ok
17:33:35.0554 6072  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:33:35.0617 6072  Npfs - ok
17:33:35.0664 6072  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
17:33:35.0726 6072  nsi - ok
17:33:35.0773 6072  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:33:35.0820 6072  nsiproxy - ok
17:33:35.0913 6072  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:33:36.0054 6072  Ntfs - ok
17:33:36.0116 6072  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr        C:\Windows\system32\DRIVERS\NTIDrvr.sys
17:33:36.0147 6072  NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
17:33:36.0147 6072  NTIDrvr - detected UnsignedFile.Multi.Generic (1)
17:33:36.0178 6072  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
17:33:36.0272 6072  ntrigdigi - ok
17:33:36.0303 6072  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:33:36.0397 6072  Null - ok
17:33:36.0428 6072  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:33:36.0475 6072  nvraid - ok
17:33:36.0522 6072  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:33:36.0537 6072  nvstor - ok
17:33:36.0568 6072  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:33:36.0600 6072  nv_agp - ok
17:33:36.0615 6072  NwlnkFlt - ok
17:33:36.0646 6072  NwlnkFwd - ok
17:33:36.0787 6072  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:33:36.0818 6072  odserv - ok
17:33:36.0865 6072  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:33:36.0974 6072  ohci1394 - ok
17:33:37.0114 6072  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:33:37.0146 6072  ose - ok
17:33:37.0208 6072  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:33:37.0364 6072  p2pimsvc - ok
17:33:37.0442 6072  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:33:37.0754 6072  p2psvc - ok
17:33:37.0816 6072  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
17:33:37.0910 6072  Parport - ok
17:33:37.0988 6072  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr        C:\Windows\system32\drivers\partmgr.sys
17:33:38.0019 6072  partmgr - ok
17:33:38.0050 6072  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:33:38.0160 6072  Parvdm - ok
17:33:38.0206 6072  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:33:38.0253 6072  PcaSvc - ok
17:33:38.0300 6072  [ 01B94418DEB235DFF777CC80076354B4 ] pci            C:\Windows\system32\drivers\pci.sys
17:33:38.0331 6072  pci - ok
17:33:38.0394 6072  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
17:33:38.0409 6072  pciide - ok
17:33:38.0456 6072  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:33:38.0503 6072  pcmcia - ok
17:33:38.0581 6072  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:33:38.0815 6072  PEAUTH - ok
17:33:38.0971 6072  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
17:33:39.0142 6072  pla - ok
17:33:39.0205 6072  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:33:39.0267 6072  PlugPlay - ok
17:33:39.0330 6072  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
17:33:39.0408 6072  PNRPAutoReg - ok
17:33:39.0470 6072  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
17:33:39.0548 6072  PNRPsvc - ok
17:33:39.0626 6072  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
17:33:39.0766 6072  PolicyAgent - ok
17:33:39.0829 6072  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:33:39.0922 6072  PptpMiniport - ok
17:33:39.0954 6072  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
17:33:40.0078 6072  Processor - ok
17:33:40.0125 6072  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc        C:\Windows\system32\profsvc.dll
17:33:40.0203 6072  ProfSvc - ok
17:33:40.0234 6072  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:33:40.0281 6072  ProtectedStorage - ok
17:33:40.0359 6072  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:33:40.0500 6072  PSched - ok
17:33:40.0531 6072  [ E801D5CC24E1CF18FA87D24D7074B876 ] PSDFilter      C:\Windows\system32\DRIVERS\psdfilter.sys
17:33:40.0546 6072  PSDFilter - ok
17:33:40.0671 6072  [ 24B5E3429F7F0E779FC2E6E36A0A5F73 ] PSDNServ        C:\Windows\system32\drivers\PSDNServ.sys
17:33:40.0687 6072  PSDNServ - ok
17:33:40.0749 6072  [ 01CBFD08C0E8A6106BB26FCDA297154E ] psdvdisk        C:\Windows\system32\drivers\psdvdisk.sys
17:33:40.0765 6072  psdvdisk - ok
17:33:40.0874 6072  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:33:41.0014 6072  ql2300 - ok
17:33:41.0077 6072  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:33:41.0092 6072  ql40xx - ok
17:33:41.0155 6072  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
17:33:41.0202 6072  QWAVE - ok
17:33:41.0248 6072  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:33:41.0280 6072  QWAVEdrv - ok
17:33:41.0342 6072  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:33:41.0389 6072  RasAcd - ok
17:33:41.0451 6072  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
17:33:41.0514 6072  RasAuto - ok
17:33:41.0592 6072  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
17:33:41.0654 6072  Rasl2tp - ok
17:33:41.0716 6072  [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan          C:\Windows\System32\rasmans.dll
17:33:41.0779 6072  RasMan - ok
17:33:41.0826 6072  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:33:41.0904 6072  RasPppoe - ok
17:33:41.0950 6072  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
17:33:42.0044 6072  RasSstp - ok
17:33:42.0091 6072  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
17:33:42.0200 6072  rdbss - ok
17:33:42.0247 6072  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:33:42.0294 6072  RDPCDD - ok
17:33:42.0372 6072  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
17:33:42.0481 6072  rdpdr - ok
17:33:42.0528 6072  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:33:42.0574 6072  RDPENCDD - ok
17:33:42.0637 6072  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
17:33:42.0715 6072  RDPWD - ok
17:33:42.0840 6072  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:33:42.0933 6072  RemoteAccess - ok
17:33:42.0980 6072  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:33:43.0058 6072  RemoteRegistry - ok
17:33:43.0136 6072  [ 0A468612A19FEB657D127E7C4810F6FC ] RichVideo      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:33:43.0167 6072  RichVideo ( UnsignedFile.Multi.Generic ) - warning
17:33:43.0167 6072  RichVideo - detected UnsignedFile.Multi.Generic (1)
17:33:43.0214 6072  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
17:33:43.0292 6072  RpcLocator - ok
17:33:43.0339 6072  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs          C:\Windows\system32\rpcss.dll
17:33:43.0417 6072  RpcSs - ok
17:33:43.0479 6072  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:33:43.0542 6072  rspndr - ok
17:33:43.0573 6072  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs          C:\Windows\system32\lsass.exe
17:33:43.0588 6072  SamSs - ok
17:33:43.0635 6072  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:33:43.0651 6072  sbp2port - ok
17:33:43.0729 6072  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:33:43.0807 6072  SCardSvr - ok
17:33:43.0885 6072  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
17:33:44.0010 6072  Schedule - ok
17:33:44.0088 6072  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc    C:\Windows\System32\certprop.dll
17:33:44.0134 6072  SCPolicySvc - ok
17:33:44.0197 6072  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:33:44.0290 6072  SDRSVC - ok
17:33:44.0337 6072  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:33:44.0462 6072  secdrv - ok
17:33:44.0509 6072  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
17:33:44.0587 6072  seclogon - ok
17:33:44.0634 6072  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
17:33:44.0696 6072  SENS - ok
17:33:44.0727 6072  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
17:33:44.0821 6072  Serenum - ok
17:33:44.0868 6072  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
17:33:44.0977 6072  Serial - ok
17:33:45.0008 6072  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:33:45.0086 6072  sermouse - ok
17:33:45.0258 6072  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:33:45.0304 6072  SessionEnv - ok
17:33:45.0367 6072  [ 103B79418DA647736EE95645F305F68A ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
17:33:45.0476 6072  sffdisk - ok
17:33:45.0507 6072  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:33:45.0616 6072  sffp_mmc - ok
17:33:45.0663 6072  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
17:33:45.0804 6072  sffp_sd - ok
17:33:45.0835 6072  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
17:33:46.0053 6072  sfloppy - ok
17:33:46.0116 6072  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:33:46.0209 6072  SharedAccess - ok
17:33:46.0256 6072  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:33:46.0334 6072  ShellHWDetection - ok
17:33:46.0365 6072  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:33:46.0396 6072  sisagp - ok
17:33:46.0412 6072  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:33:46.0428 6072  SiSRaid2 - ok
17:33:46.0474 6072  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:33:46.0490 6072  SiSRaid4 - ok
17:33:46.0552 6072  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
17:33:46.0568 6072  SkypeUpdate - ok
17:33:46.0724 6072  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc          C:\Windows\system32\SLsvc.exe
17:33:47.0005 6072  slsvc - ok
17:33:47.0067 6072  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:33:47.0192 6072  SLUINotify - ok
17:33:47.0223 6072  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
17:33:47.0301 6072  Smb - ok
17:33:47.0364 6072  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:33:47.0410 6072  SNMPTRAP - ok
17:33:47.0473 6072  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
17:33:47.0504 6072  spldr - ok
17:33:47.0566 6072  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler        C:\Windows\System32\spoolsv.exe
17:33:47.0613 6072  Spooler - ok
17:33:47.0691 6072  [ 2252AEF839B1093D16761189F45AF885 ] srv            C:\Windows\system32\DRIVERS\srv.sys
17:33:47.0785 6072  srv - ok
17:33:47.0832 6072  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:33:47.0910 6072  srv2 - ok
17:33:47.0972 6072  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:33:48.0019 6072  srvnet - ok
17:33:48.0097 6072  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
17:33:48.0175 6072  SSDPSRV - ok
17:33:48.0222 6072  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:33:48.0253 6072  ssmdrv - ok
17:33:48.0315 6072  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
17:33:48.0393 6072  SstpSvc - ok
17:33:48.0471 6072  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
17:33:48.0549 6072  stisvc - ok
17:33:48.0596 6072  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:33:48.0627 6072  swenum - ok
17:33:48.0674 6072  [ B36C7CDB86F7F7A8E884479219766950 ] swprv          C:\Windows\System32\swprv.dll
17:33:48.0752 6072  swprv - ok
17:33:48.0814 6072  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
17:33:48.0830 6072  Symc8xx - ok
17:33:48.0861 6072  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:33:48.0892 6072  Sym_hi - ok
17:33:48.0924 6072  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:33:48.0939 6072  Sym_u3 - ok
17:33:49.0002 6072  [ 8A321F644C0F2D403B867481065E7EC2 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
17:33:49.0033 6072  SynTP - ok
17:33:49.0189 6072  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain        C:\Windows\system32\sysmain.dll
17:33:49.0314 6072  SysMain - ok
17:33:49.0376 6072  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:33:49.0438 6072  TabletInputService - ok
17:33:49.0501 6072  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv        C:\Windows\System32\tapisrv.dll
17:33:49.0579 6072  TapiSrv - ok
17:33:49.0626 6072  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
17:33:49.0688 6072  TBS - ok
17:33:49.0782 6072  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
17:33:49.0938 6072  Tcpip - ok
17:33:50.0016 6072  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:33:50.0156 6072  Tcpip6 - ok
17:33:50.0218 6072  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:33:50.0265 6072  tcpipreg - ok
17:33:50.0312 6072  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:33:50.0359 6072  TDPIPE - ok
17:33:50.0421 6072  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
17:33:50.0499 6072  TDTCP - ok
17:33:50.0546 6072  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
17:33:50.0593 6072  tdx - ok
17:33:50.0640 6072  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:33:50.0655 6072  TermDD - ok
17:33:50.0733 6072  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService    C:\Windows\System32\termsrv.dll
17:33:50.0889 6072  TermService - ok
17:33:50.0983 6072  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
17:33:51.0030 6072  Themes - ok
17:33:51.0092 6072  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
17:33:51.0186 6072  THREADORDER - ok
17:33:51.0248 6072  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
17:33:51.0342 6072  TrkWks - ok
17:33:51.0529 6072  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:33:51.0576 6072  TrustedInstaller - ok
17:33:51.0638 6072  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:33:51.0700 6072  tssecsrv - ok
17:33:51.0763 6072  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
17:33:51.0825 6072  tunmp - ok
17:33:51.0841 6072  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:33:51.0888 6072  tunnel - ok
17:33:51.0934 6072  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:33:51.0950 6072  uagp35 - ok
17:33:52.0028 6072  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:33:52.0090 6072  udfs - ok
17:33:52.0184 6072  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
17:33:52.0246 6072  UI0Detect - ok
17:33:52.0278 6072  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:33:52.0309 6072  uliagpkx - ok
17:33:52.0356 6072  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci        C:\Windows\system32\drivers\uliahci.sys
17:33:52.0402 6072  uliahci - ok
17:33:52.0449 6072  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:33:52.0465 6072  UlSata - ok
17:33:52.0496 6072  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
17:33:52.0527 6072  ulsata2 - ok
17:33:52.0590 6072  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
17:33:52.0652 6072  umbus - ok
17:33:52.0714 6072  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
17:33:52.0777 6072  upnphost - ok
17:33:52.0855 6072  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
17:33:52.0886 6072  usbccgp - ok
17:33:52.0917 6072  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:33:53.0026 6072  usbcir - ok
17:33:53.0104 6072  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
17:33:53.0182 6072  usbehci - ok
17:33:53.0245 6072  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:33:53.0292 6072  usbhub - ok
17:33:53.0323 6072  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
17:33:53.0432 6072  usbohci - ok
17:33:53.0479 6072  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
17:33:53.0572 6072  usbprint - ok
17:33:53.0635 6072  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:33:53.0713 6072  USBSTOR - ok
17:33:53.0760 6072  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
17:33:53.0806 6072  usbuhci - ok
17:33:53.0869 6072  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms          C:\Windows\System32\uxsms.dll
17:33:53.0931 6072  UxSms - ok
17:33:53.0994 6072  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds            C:\Windows\System32\vds.exe
17:33:54.0118 6072  vds - ok
17:33:54.0181 6072  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
17:33:54.0290 6072  vga - ok
17:33:54.0337 6072  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
17:33:54.0415 6072  VgaSave - ok
17:33:54.0446 6072  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:33:54.0477 6072  viaagp - ok
17:33:54.0508 6072  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
17:33:54.0618 6072  ViaC7 - ok
17:33:54.0649 6072  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
17:33:54.0680 6072  viaide - ok
17:33:54.0711 6072  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:33:54.0742 6072  volmgr - ok
17:33:54.0789 6072  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
17:33:54.0820 6072  volmgrx - ok
17:33:54.0883 6072  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
17:33:54.0930 6072  volsnap - ok
17:33:54.0976 6072  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
17:33:55.0008 6072  vsmraid - ok
17:33:55.0086 6072  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS            C:\Windows\system32\vssvc.exe
17:33:55.0273 6072  VSS - ok
17:33:55.0320 6072  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time        C:\Windows\system32\w32time.dll
17:33:55.0398 6072  W32Time - ok
17:33:55.0460 6072  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:33:55.0554 6072  WacomPen - ok
17:33:55.0616 6072  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:33:55.0663 6072  Wanarp - ok
17:33:55.0678 6072  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:33:55.0725 6072  Wanarpv6 - ok
17:33:55.0803 6072  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
17:33:55.0866 6072  wcncsvc - ok
17:33:55.0912 6072  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:33:55.0959 6072  WcsPlugInService - ok
17:33:55.0990 6072  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
17:33:56.0006 6072  Wd - ok
17:33:56.0178 6072  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:33:56.0427 6072  Wdf01000 - ok
17:33:56.0490 6072  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:33:56.0599 6072  WdiServiceHost - ok
17:33:56.0630 6072  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
17:33:56.0770 6072  WdiSystemHost - ok
17:33:56.0817 6072  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient      C:\Windows\System32\webclnt.dll
17:33:56.0880 6072  WebClient - ok
17:33:56.0926 6072  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:33:56.0989 6072  Wecsvc - ok
17:33:57.0067 6072  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
17:33:57.0114 6072  wercplsupport - ok
17:33:57.0145 6072  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:33:57.0223 6072  WerSvc - ok
17:33:57.0270 6072  [ C9C63410D8CF98F621B9CC62243FB877 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:33:57.0379 6072  winachsf - ok
17:33:57.0441 6072  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
17:33:57.0472 6072  WinDefend - ok
17:33:57.0504 6072  WinHttpAutoProxySvc - ok
17:33:57.0613 6072  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
17:33:57.0691 6072  Winmgmt - ok
17:33:57.0784 6072  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
17:33:57.0925 6072  WinRM - ok
17:33:58.0018 6072  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc        C:\Windows\System32\wlansvc.dll
17:33:58.0112 6072  Wlansvc - ok
17:33:58.0174 6072  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
17:33:58.0237 6072  WmiAcpi - ok
17:33:58.0299 6072  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:33:58.0362 6072  wmiApSrv - ok
17:33:58.0424 6072  [ EE80AC462A171DBF06EEB2058B5D3BC6 ] WMIService      C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
17:33:58.0471 6072  WMIService ( UnsignedFile.Multi.Generic ) - warning
17:33:58.0471 6072  WMIService - detected UnsignedFile.Multi.Generic (1)
17:33:58.0564 6072  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
17:33:58.0752 6072  WMPNetworkSvc - ok
17:33:58.0814 6072  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:33:58.0876 6072  WPCSvc - ok
17:33:58.0923 6072  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:33:58.0970 6072  WPDBusEnum - ok
17:33:59.0032 6072  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:33:59.0079 6072  WpdUsb - ok
17:33:59.0220 6072  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:33:59.0313 6072  WPFFontCache_v0400 - ok
17:33:59.0360 6072  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
17:33:59.0422 6072  ws2ifsl - ok
17:33:59.0485 6072  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
17:33:59.0500 6072  wscsvc - ok
17:33:59.0532 6072  WSearch - ok
17:33:59.0656 6072  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:33:59.0828 6072  wuauserv - ok
17:33:59.0875 6072  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:33:59.0937 6072  WUDFRd - ok
17:33:59.0984 6072  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
17:34:00.0046 6072  wudfsvc - ok
17:34:00.0078 6072  [ 2E579520E114A9CA309F13BF40AD8292 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
17:34:00.0140 6072  XAudio - ok
17:34:00.0202 6072  [ F82FC2C30A19442B95AE554215837C46 ] XAudioService  C:\Windows\system32\DRIVERS\xaudio.exe
17:34:00.0296 6072  XAudioService - ok
17:34:00.0421 6072  [ 8098180B3F6C430A4E60333BC036F936 ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
17:34:00.0436 6072  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
17:34:00.0468 6072  ================ Scan global ===============================
17:34:00.0514 6072  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:34:00.0577 6072  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
17:34:00.0624 6072  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
17:34:00.0686 6072  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
17:34:00.0702 6072  [Global] - ok
17:34:00.0702 6072  ================ Scan MBR ==================================
17:34:00.0764 6072  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
17:34:06.0489 6072  \Device\Harddisk0\DR0 - ok
17:34:06.0505 6072  ================ Scan VBR ==================================
17:34:06.0505 6072  [ 948902500FAB6F7B4136A36B3A8328F4 ] \Device\Harddisk0\DR0\Partition1
17:34:06.0505 6072  \Device\Harddisk0\DR0\Partition1 - ok
17:34:06.0552 6072  [ 1E88FAB5E439DB35D96B2DEF1CAA456E ] \Device\Harddisk0\DR0\Partition2
17:34:06.0552 6072  \Device\Harddisk0\DR0\Partition2 - ok
17:34:06.0567 6072  ============================================================
17:34:06.0567 6072  Scan finished
17:34:06.0567 6072  ============================================================
17:34:06.0614 5956  Detected object count: 10
17:34:06.0614 5956  Actual detected object count: 10
17:36:33.0115 5956  ALaunchService ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0115 5956  ALaunchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0115 5956  eLockService ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0115 5956  eLockService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0115 5956  eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0115 5956  eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0115 5956  eRecoveryService ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0115 5956  eRecoveryService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0115 5956  eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0115 5956  eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0130 5956  iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0130 5956  iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0130 5956  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0130 5956  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0130 5956  NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0130 5956  NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0130 5956  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0130 5956  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:36:33.0130 5956  WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
17:36:33.0130 5956  WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip

What should I do next?
Thanks

cosinus 17.10.2012 17:49

You don't need to ask how to proceed in every post; I'll see it once you have posted the log.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

anita_kitz 18.10.2012 00:19

Hello cosinus,
here is the content of the log file:
Combofix Logfile:
Code:

ComboFix 12-10-17.05 - Resi 18.10.2012  0:44.1.1 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.43.1031.18.1013.314 [GMT 2:00]
ausgeführt von:: c:\users\Resi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\msstdfmt.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-17 bis 2012-10-17  ))))))))))))))))))))))))))))))
.
.
2012-10-17 23:01 . 2012-10-17 23:01        --------        d-----w-        c:\users\Resi\AppData\Local\temp
2012-10-17 23:01 . 2012-10-17 23:01        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-17 14:30 . 2012-10-17 14:30        --------        d-----w-        C:\_OTL
2012-10-13 18:43 . 2012-10-13 18:43        --------        d-----w-        c:\program files\ESET
2012-10-10 20:21 . 2012-10-10 20:21        --------        d-----w-        c:\users\Resi\AppData\Roaming\Malwarebytes
2012-10-10 20:19 . 2012-10-10 20:19        --------        d-----w-        c:\programdata\Malwarebytes
2012-10-10 20:19 . 2012-10-10 20:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-10-10 20:19 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-10-10 20:17 . 2012-10-10 20:14        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-10-10 20:16 . 2012-10-10 20:15        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2012-10-10 20:09 . 2012-10-17 14:12        --------        d-----w-        c:\program files\Mozilla Maintenance Service
2012-10-02 14:37 . 2012-10-02 14:37        --------        d-----w-        c:\users\Resi\AppData\Roaming\Avira
2012-10-02 14:28 . 2012-10-01 15:14        134184        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-10-02 14:28 . 2012-09-24 07:58        36552        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-10-02 14:28 . 2012-09-13 08:58        83792        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-10-02 14:28 . 2012-10-02 14:31        --------        d-----w-        c:\programdata\Avira
2012-10-02 14:28 . 2012-10-02 14:28        --------        d-----w-        c:\program files\Avira
2012-10-02 13:21 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F96F89EB-1305-42A7-BCAB-885C5617FDD0}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:14 . 2011-01-10 17:00        746984        ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-13 17:03 . 2012-07-13 17:03        4024320        ----a-w-        c:\program files\GUTDE5.tmp
2012-10-15 20:05 . 2012-10-15 20:05        261600        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2012-07-13 17418928]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-14 161336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-27 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-24 18:54]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 21:08]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 21:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 217.14.229.250 217.14.229.251
FF - ProfilePath - c:\users\Resi\AppData\Roaming\Mozilla\Firefox\Profiles\ow6ix0zn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - ExtSQL: !HIDDEN! 2009-08-08 07:12; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
AddRemove-BearShare MediaBar - c:\program files\BearShare Applications\BearShare MediaBar\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-18 01:01
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2012-10-18  01:06:17
ComboFix-quarantined-files.txt  2012-10-17 23:06
.
Vor Suchlauf: 14 Verzeichnis(se), 13.731.553.280 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 13.952.036.864 Bytes frei
.
- - End Of File - - 16AB284E94EAAF5B584B2FF41F1C1702

--- --- ---

cosinus 18.10.2012 10:01

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work the second time, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message appears such as "aswMBR.exe funktioniert nicht mehr", do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.

anita_kitz 18.10.2012 11:53

GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-18 12:50:08
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1200BEVS-22UST0 rev.01.01A01
Running: 1s9d5sq7.exe; Driver: C:\Users\Resi\AppData\Local\Temp\kgldrpod.sys


---- System - GMER 1.0.15 ----

SSDT            88C8CB56                                                                                            ZwCreateSection
SSDT            88C8CB60                                                                                            ZwRequestWaitReplyPort
SSDT            88C8CB5B                                                                                            ZwSetContextThread
SSDT            88C8CB65                                                                                            ZwSetSecurityObject
SSDT            88C8CB6A                                                                                            ZwSystemDebugControl
SSDT            88C8CAF7                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!KeInsertQueue + 405                                                                    81CA09CC 4 Bytes  [56, CB, C8, 88]
.text          ntoskrnl.exe!KeInsertQueue + 729                                                                    81CA0CF0 4 Bytes  [60, CB, C8, 88]
.text          ntoskrnl.exe!KeInsertQueue + 75D                                                                    81CA0D24 4 Bytes  [5B, CB, C8, 88]
.text          ntoskrnl.exe!KeInsertQueue + 7C1                                                                    81CA0D88 4 Bytes  [65, CB, C8, 88]
.text          ntoskrnl.exe!KeInsertQueue + 809                                                                    81CA0DD0 4 Bytes  [6A, CB, C8, 88]
.text          ...                                                                                                 

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [75058864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [75099855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [7505B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [7504FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [75057A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [7504EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [7508B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [7505BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [75050756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [750506BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [750471B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [750DD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [75077329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [7504E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [7504697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [750469A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3316] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [75052475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:05:11 on 18.10.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "acer" - C:\Windows\System32\eNetHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira Operations GmbH & Co. KG" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Resi\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgldrpod" (kgldrpod) - ? - C:\Users\Resi\AppData\Local\Temp\kgldrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} "Java Plug-in 1.4.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
<binary data> "{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Resi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"Google Updater" - "Google" - "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe
"Avira Browser-Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit-Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe  (File found, but it contains no detailed information)
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

cosinus 18.10.2012 12:35

What about aswMBR?

anita_kitz 18.10.2012 12:40

It's still scanning... I don't know whether it's hanging or still scanning... it's at AVAST engine scan C:\Users\Resi...

I have to leave the house now, though... I'll let it run, and when I get back at around 5 o'clock I'll carry on...

Here is the log file from aswMBR
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-18 13:08:04
-----------------------------
13:08:04.146    OS Version: Windows 6.0.6001 Service Pack 1
13:08:04.146    Number of processors: 1 586 0x1601
13:08:04.146    ComputerName: RESI-PC  UserName: Resi
13:08:18.467    Initialize success
13:18:08.078    AVAST engine defs: 12101801
13:18:19.809    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
13:18:19.809    Disk 0 Vendor: WDC_WD1200BEVS-22UST0 01.01A01 Size: 114473MB BusType: 3
13:18:20.714    Disk 0 MBR read successfully
13:18:20.714    Disk 0 MBR scan
13:18:21.198    Disk 0 unknown MBR code
13:18:21.338    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        9993 MB offset 63
13:18:21.447    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS        52371 MB offset 20467712
13:18:21.588    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        52107 MB offset 127723520
13:18:22.071    Disk 0 scanning sectors +234438656
13:18:24.208    Disk 0 scanning C:\Windows\system32\drivers
13:20:14.064    Service scanning
13:21:04.982    Modules scanning
13:21:32.532    Disk 0 trace - called modules:
13:21:32.594    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll dxgkrnl.sys igdkmd32.sys
13:21:32.610    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x841017c0]
13:21:32.641    3 CLASSPNP.SYS[865bf745] -> nt!IofCallDriver -> [0x84007b98]
13:21:35.667    AVAST engine scan C:\Windows
13:21:52.141    AVAST engine scan C:\Windows\system32
13:32:09.199    AVAST engine scan C:\Windows\system32\drivers
13:32:46.998    AVAST engine scan C:\Users\Resi
14:01:34.666    AVAST engine scan C:\ProgramData
14:04:32.163    Scan finished successfully
16:59:12.620    Disk 0 MBR has been saved successfully to "C:\Users\Resi\Desktop\MBR.dat"
16:59:12.791    The log file has been saved successfully to "C:\Users\Resi\Desktop\aswMBR.txt"


anita_kitz 23.10.2012 21:02

Hello cosinus,

Is there anything else to do after this scan? Because then I'll have to fetch the laptop back from its owner; I took it to her for the weekend.

Thanks, Anita

cosinus 24.10.2012 10:21

We should fix the MBR. Just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

anita_kitz 26.10.2012 13:56

So, here is the log from the fix.
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 10:17:08
-----------------------------
10:17:08.746    OS Version: Windows 6.0.6001 Service Pack 1
10:17:08.746    Number of processors: 1 586 0x1601
10:17:08.746    ComputerName: RESI-PC  UserName: Resi
10:18:02.191    Initialize success
10:28:21.755    AVAST engine defs: 12102502
10:28:50.632    Verifying
10:29:00.678    Disk 0 Windows 600 MBR fixed successfully
10:33:48.139    Disk 0 MBR has been saved successfully to "C:\Users\Resi\Desktop\MBR.dat"
10:33:48.155    The log file has been saved successfully to "C:\Users\Resi\Desktop\aswMBR26.10.txt"

and the log from the renewed aswMBR scan
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-26 10:48:29
-----------------------------
10:48:29.543    OS Version: Windows 6.0.6001 Service Pack 1
10:48:29.543    Number of processors: 1 586 0x1601
10:48:29.543    ComputerName: RESI-PC  UserName: Resi
10:49:06.889    Initialize success
10:49:43.690    AVAST engine defs: 12102502
10:55:00.370    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
10:55:00.401    Disk 0 Vendor: WDC_WD1200BEVS-22UST0 01.01A01 Size: 114473MB BusType: 3
10:55:00.432    Disk 0 MBR read successfully
10:55:00.432    Disk 0 MBR scan
10:55:00.760    Disk 0 Windows VISTA default MBR code
10:55:00.775    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        9993 MB offset 63
10:55:00.838    Disk 0 Partition 2 80 (A) 06        FAT16 NTFS        52371 MB offset 20467712
10:55:00.900    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        52107 MB offset 127723520
10:55:00.963    Disk 0 scanning sectors +234438656
10:55:01.181    Disk 0 scanning C:\Windows\system32\drivers
10:55:39.198    Service scanning
10:56:35.795    Modules scanning
10:56:49.258    Disk 0 trace - called modules:
10:56:49.305    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
10:56:49.320    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8416dac8]
10:56:49.320    3 CLASSPNP.SYS[865c3745] -> nt!IofCallDriver -> [0x84009918]
10:56:49.336    5 acpi.sys[85e3a6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x83fd4ba0]
10:56:51.879    AVAST engine scan C:\Windows
10:57:06.496    AVAST engine scan C:\Windows\system32
11:06:24.321    AVAST engine scan C:\Windows\system32\drivers
11:07:02.166    AVAST engine scan C:\Users\Resi
11:36:34.264    AVAST engine scan C:\ProgramData
11:39:17.455    Scan finished successfully
12:04:07.567    Disk 0 MBR has been saved successfully to "C:\Users\Resi\Desktop\MBR.dat"
12:04:07.645    The log file has been saved successfully to "C:\Users\Resi\Desktop\aswMBR26.10.12.txt"


cosinus 26.10.2012 14:03

Looks OK. We should be almost done. As a check, please run scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

anita_kitz 26.10.2012 20:29

Log from Malwarebytes
Code:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.26.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Resi :: RESI-PC [Administrator]

26.10.2012 19:19:20
mbam-log-2012-10-26 (19-19-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190005
Laufzeit: 8 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

and the log from SUPERAntiSpyware
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/26/2012 at 08:58 PM

Application Version : 5.6.1012

Core Rules Database Version : 9478
Trace Rules Database Version: 7290

Scan type      : Complete Scan
Total Scan Time : 01:06:05

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned      : 763
Memory threats detected  : 0
Registry items scanned    : 37753
Registry threats detected : 0
File items scanned        : 38183
File threats detected    : 467

Adware.Tracking Cookie
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@trunitybe2.122.2o7[1].txt [ Cookie:resi@trunitybe2.122.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@media6degrees[2].txt [ Cookie:resi@media6degrees.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@roiservice[2].txt [ Cookie:resi@roiservice.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@dealtime[2].txt [ Cookie:resi@dealtime.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@mmstat[1].txt [ Cookie:resi@mmstat.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@at.sitestat[1].txt [ Cookie:resi@at.sitestat.com/renault-group/renault-at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@fr.sitestat[1].txt [ Cookie:resi@fr.sitestat.com/renault-group/renault-at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adserver.adtechus[1].txt [ Cookie:resi@adserver.adtechus.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@skyscanner[1].txt [ Cookie:resi@skyscanner.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@de.sitestat[7].txt [ Cookie:resi@de.sitestat.com/is24/is24/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CA2Q5L8G.txt [ Cookie:resi@de.sitestat.com/tnm/plus/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CARSGXWU.txt [ Cookie:resi@observare.de/tracking/track.php/115/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@tracking.dc-storm[2].txt [ Cookie:resi@tracking.dc-storm.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@count.mindlab-pixel[1].txt [ Cookie:resi@count.mindlab-pixel.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@skyscanner[2].txt [ Cookie:resi@skyscanner.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@tracking.quisma[1].txt [ Cookie:resi@tracking.quisma.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@tracking.mlsat03[1].txt [ Cookie:resi@tracking.mlsat03.de/walbusch/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.mediamarkt[1].txt [ Cookie:resi@www.mediamarkt.at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@shopping.112.2o7[1].txt [ Cookie:resi@shopping.112.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@observare[5].txt [ Cookie:resi@observare.de/tracking/track.php/46/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@estat[1].txt [ Cookie:resi@estat.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@mediaforge[2].txt [ Cookie:resi@mediaforge.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@fashionworld.112.2o7[1].txt [ Cookie:resi@fashionworld.112.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@traveladvertising[2].txt [ Cookie:resi@traveladvertising.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@ads.zeusclicks[1].txt [ Cookie:resi@ads.zeusclicks.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@questionmarket[2].txt [ Cookie:resi@questionmarket.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CA0M9643.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1039508380/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@ad3.adfarm1.adition[1].txt [ Cookie:resi@ad3.adfarm1.adition.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@track.zalando[1].txt [ Cookie:resi@track.zalando.at/513072222822788/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@germanwings.112.2o7[1].txt [ Cookie:resi@germanwings.112.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@findix[2].txt [ Cookie:resi@findix.at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@edsa.122.2o7[1].txt [ Cookie:resi@edsa.122.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@nail-discount-24[1].txt [ Cookie:resi@nail-discount-24.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@e-2dj6wnmiqgd5elq.stats.esomniture[2].txt [ Cookie:resi@e-2dj6wnmiqgd5elq.stats.esomniture.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@static.unister-adservices[1].txt [ Cookie:resi@static.unister-adservices.com/services/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.skyscanner[2].txt [ Cookie:resi@www.skyscanner.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.etracker[2].txt [ Cookie:resi@www.etracker.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@discount24[2].txt [ Cookie:resi@discount24.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@findix[1].txt [ Cookie:resi@findix.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@aktionsfinder[2].txt [ Cookie:resi@aktionsfinder.at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@de.partypoker[1].txt [ Cookie:resi@de.partypoker.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@enter.youporninhd[2].txt [ Cookie:resi@enter.youporninhd.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@bizrate[1].txt [ Cookie:resi@bizrate.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@ad2.adfarm1.adition[1].txt [ Cookie:resi@ad2.adfarm1.adition.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@clickaider[1].txt [ Cookie:resi@clickaider.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@neckermannde.122.2o7[1].txt [ Cookie:resi@neckermannde.122.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@a.revenuemax[1].txt [ Cookie:resi@a.revenuemax.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@amazon-adsystem[2].txt [ Cookie:resi@amazon-adsystem.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@dolcegabbana.122.2o7[1].txt [ Cookie:resi@dolcegabbana.122.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@zbox.zanox[1].txt [ Cookie:resi@zbox.zanox.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@partypoker[1].txt [ Cookie:resi@partypoker.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@nextag[2].txt [ Cookie:resi@nextag.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAH1WWQI.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/953141587/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@getitgmbh.122.2o7[1].txt [ Cookie:resi@getitgmbh.122.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@ad.dyntracker[1].txt [ Cookie:resi@ad.dyntracker.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@observare[3].txt [ Cookie:resi@observare.de/tracking/track.php/142/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CASFHZ21.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/984183166/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@ikea.122.2o7[1].txt [ Cookie:resi@ikea.122.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adcentriconline[2].txt [ Cookie:resi@adcentriconline.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@realmedia[2].txt [ Cookie:resi@realmedia.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@tracking.weinwelt[2].txt [ Cookie:resi@tracking.weinwelt.at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.zoover[5].txt [ Cookie:resi@www.zoover.de/Shared/BannerPages/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@stat.ed.cupidplc[1].txt [ Cookie:resi@stat.ed.cupidplc.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.naturfreunde[2].txt [ Cookie:resi@www.naturfreunde.at/pstats/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@tracker.roitesting[1].txt [ Cookie:resi@tracker.roitesting.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@yadro[2].txt [ Cookie:resi@yadro.ru/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CA1P14YA.txt [ Cookie:resi@de.sitestat.com/tnm/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@in.getclicky[1].txt [ Cookie:resi@in.getclicky.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.googleadservices[6].txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1012430496/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@kkeu.122.2o7[1].txt [ Cookie:resi@kkeu.122.2o7.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@legolas-media[2].txt [ Cookie:resi@legolas-media.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@track.effiliation[3].txt [ Cookie:resi@track.effiliation.com/servlet/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@observare[6].txt [ Cookie:resi@observare.de/tracking/track.php/96/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@track.effiliation[1].txt [ Cookie:resi@track.effiliation.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAPSHEOA.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1029079381/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@zanox-affiliate[1].txt [ Cookie:resi@zanox-affiliate.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.aktionsfinder[2].txt [ Cookie:resi@www.aktionsfinder.at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@ox-d.rdmedia[2].txt [ Cookie:resi@ox-d.rdmedia.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@pornhub[1].txt [ Cookie:resi@pornhub.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAJ4Y4DN.txt [ Cookie:resi@de.sitestat.com/is24-community/is24-community/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@server.adform[2].txt [ Cookie:resi@server.adform.net/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@observare[8].txt [ Cookie:resi@observare.de/tracking/track.php/52/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAJNKF0D.txt [ Cookie:resi@de.sitestat.com/sueddeutsche/sueddeutsche/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adserver.yopi[2].txt [ Cookie:resi@adserver.yopi.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@click-lastminute[2].txt [ Cookie:resi@click-lastminute.at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@observare[7].txt [ Cookie:resi@observare.de/tracking/track.php/87/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAI4RYTH.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/961179425/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.aktionsfinder[1].txt [ Cookie:resi@www.aktionsfinder.at/produktgruppen/mode-und-accessoires/bekleidung/tchibo.at-Pyjama/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@komtrack[2].txt [ Cookie:resi@komtrack.com/tr/104750 ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@ads.247activemedia[1].txt [ Cookie:resi@ads.247activemedia.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.googleadservices[2].txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1029078512/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.googleadservices[11].txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1029154412/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@tracking.tchibo[1].txt [ Cookie:resi@tracking.tchibo.de/683553670525906/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@urbia.wwe-media[1].txt [ Cookie:resi@urbia.wwe-media.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adserver.tiervermittlung[1].txt [ Cookie:resi@adserver.tiervermittlung.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@stats.peer[2].txt [ Cookie:resi@stats.peer.biz/piwik/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAYBFMGM.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1070793486/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@etargetnet[1].txt [ Cookie:resi@etargetnet.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@observare[10].txt [ Cookie:resi@observare.de/tracking/track.php/29/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.aktionsfinder[3].txt [ Cookie:resi@www.aktionsfinder.at/maerkte/supermaerkte/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.googleadservices[10].txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1061043827/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@weboramapublishertrackinguk2.solution.weborama[2].txt [ Cookie:resi@weboramapublishertrackinguk2.solution.weborama.fr/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.zanox-affiliate[2].txt [ Cookie:resi@www.zanox-affiliate.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adserver.teamblau[1].txt [ Cookie:resi@adserver.teamblau.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@observare[9].txt [ Cookie:resi@observare.de/tracking/track.php/107/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CA846L95.txt [ Cookie:resi@de.sitestat.com/laola1/thesportsman-tv/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@thelabelfinder[1].txt [ Cookie:resi@thelabelfinder.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAU6PPU7.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1070300267/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adserver.local[1].txt [ Cookie:resi@adserver.local.ch/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@stat.easydate[1].txt [ Cookie:resi@stat.easydate.biz/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAZOKKBC.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1071210650/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adinterax[2].txt [ Cookie:resi@adinterax.com/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@www.thelabelfinder[2].txt [ Cookie:resi@www.thelabelfinder.de/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@CAJ5HQZY.txt [ Cookie:resi@www.googleadservices.com/pagead/conversion/1038213470/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@i-find[1].txt [ Cookie:resi@i-find.at/ ]
        C:\USERS\RESI\AppData\Roaming\Microsoft\Windows\Cookies\Low\resi@adserver.advertisingbox[1].txt [ Cookie:resi@adserver.advertisingbox.com/ ]
        C:\USERS\RESI\Cookies\resi@zedo[2].txt [ Cookie:resi@zedo.com/ ]
        C:\USERS\RESI\Cookies\resi@fastclick[3].txt [ Cookie:resi@fastclick.net/ ]
        C:\USERS\RESI\Cookies\resi@apmebf[2].txt [ Cookie:resi@apmebf.com/ ]
        C:\USERS\RESI\Cookies\resi@ad.yieldmanager[1].txt [ Cookie:resi@ad.yieldmanager.com/ ]
        C:\USERS\RESI\Cookies\resi@smartadserver[2].txt [ Cookie:resi@smartadserver.com/ ]
        C:\USERS\RESI\Cookies\resi@mediaplex[2].txt [ Cookie:resi@mediaplex.com/ ]
        C:\USERS\RESI\Cookies\resi@adx.chip[2].txt [ Cookie:resi@adx.chip.de/ ]
        C:\USERS\RESI\Cookies\resi@ad.zanox[1].txt [ Cookie:resi@ad.zanox.com/ ]
        C:\USERS\RESI\Cookies\resi@doubleclick[1].txt [ Cookie:resi@doubleclick.net/ ]
        C:\USERS\RESI\Cookies\resi@www.zanox-affiliate[2].txt [ Cookie:resi@www.zanox-affiliate.de/ ]
        C:\USERS\RESI\Cookies\resi@atdmt[1].txt [ Cookie:resi@atdmt.com/ ]
        banners.securedataimages.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        bc.youporn.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        cdn1.eyewonder.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        ds.serving-sys.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        files.youporn.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        ia.media-imdb.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        m1.2mdn.net [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        macromedia.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        media.stage-entertainment.de [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        s0.2mdn.net [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        secure-uk.imrworldwide.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        spe.atdmt.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        static.youporn.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        track.webgains.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        www.elitepartner.at [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        www.pornhub.com [ C:\USERS\RESI\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\Y7BK7695 ]
        C:\USERS\RESI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\RESI@4STATS[1].TXT [ /4STATS ]
        C:\USERS\RESI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\RESI@AD.71I[1].TXT [ /AD.71I ]
        C:\USERS\RESI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\RESI@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
        C:\USERS\RESI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\RESI@REVENUE[2].TXT [ /REVENUE ]
        ad.yieldmanager.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .adopt.euroclick.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .adinterax.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .parship.122.2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.de [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        adserver.71i.de [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        ads1.w3hoster.de [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        fr.sitestat.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        fr.sitestat.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        media.adrevolver.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .advertising.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.at [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.at [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        adsrv.admediate.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        adsrv.admediate.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        rotator.adjuggler.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        rotator.adjuggler.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .hotelscom.122.2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        eas.apm.emediate.eu [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .247realmedia.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .nissaneurope.112.2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .247realmedia.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .euroclick.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .germanwings.112.2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .adviva.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .elitepartner.at [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .overture.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        track.webtrekk.de [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        www.finde-liebe.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        fr.sitestat.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        fr.sitestat.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .roitracking.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ads.pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .pointroll.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .tele2.112.2o7.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        ad.adserver01.de [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        data.coremetrics.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        ad.adition.net [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        .xiti.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\RESI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6IX0ZN.DEFAULT\COOKIES.SQLITE ]

BearShare File Sharing Client
        C:\PROGRAM FILES\BEARSHARE APPLICATIONS\BEARSHARE\BEARSHARE.EXE
        C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\BEARSHARE\BEARSHARE.LNK
        C:\USERS\RESI\DESKTOP\BEARSHARE.LNK

What should I do with the findings? Remove threats or cancel?

cosinus 27.10.2012 14:22

Looks OK, only cookies and remnants of BearShare were found; they can all go.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; as a Firefox extension, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?
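The hosts-file blocking recommended in the post above matches exact host names only, so it covers the cookie hits from such a scan unevenly. The following Python sketch is an added example, not part of the original thread or of any tool mentioned in it; the log lines and hosts entries are constructed samples, and all function names are hypothetical.

```python
import re

# Constructed sample in the scan log's format: "<cookie domain> [ <cookie store> ]".
SCAN_LOG = r"""
        ad.yieldmanager.com [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\EXAMPLE\COOKIES.SQLITE ]
"""
# Constructed sample in hosts-file syntax: "<sink address> <host name> [# comment]".
HOSTS = """
127.0.0.1  localhost
0.0.0.0  ad.yieldmanager.com
0.0.0.0  ad.doubleclick.net  # one host only, not the whole domain
0.0.0.0  www.etracker.de
"""
LINE = re.compile(r"^\s*(\.?[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\s+\[")
SINKS = {"0.0.0.0", "127.0.0.1"}

def cookie_domains(log):
    """Unique cookie domains from the log, in first-seen order."""
    found = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            found.setdefault(m.group(1).lower())
    return list(found)

def blocked_hosts(hosts_text):
    """Host names that the hosts file maps to a sink address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKS:
            blocked.update(h.lower() for h in fields[1:] if h.lower() != "localhost")
    return blocked

def coverage(domain, blocked):
    """'blocked', 'partial' or 'open' for one cookie domain."""
    if not domain.startswith("."):        # host-only cookie: exact match decides
        return "blocked" if domain in blocked else "open"
    # Leading dot: cookie is valid for all subdomains, which a hosts file cannot express.
    hits = [h for h in blocked if h == domain[1:] or h.endswith(domain)]
    return "partial" if hits else "open"

def report(log, hosts_text):
    blocked = blocked_hosts(hosts_text)
    return {d: coverage(d, blocked) for d in cookie_domains(log)}
```

`report(SCAN_LOG, HOSTS)` returns one status per unique cookie domain; a `partial` result means other hosts under that domain can still set and read the same cookie.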

anita_kitz 28.10.2012 10:30

Hello cosinus,
no, nothing else stands out to me so far. Everything is running smoothly.
Can I uninstall the installed programs, or should I leave some on the laptop?
Thanks for the help, and I will pass the bank details on to the owner for a donation.

cosinus 28.10.2012 12:23

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click "Bereinigung" (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a scan with it once a month, but always remember to update first.

After an infection has been removed, it is in any case advisable to change all passwords where possible.

Finally, a very important point: securing the computer and updating the programs, see http://www.trojaner-board.de/96344-a...tml#post627442

anita_kitz 28.10.2012 21:39

:daumenhoc :applaus:
Thanks for the help, I have now removed the programs, installed SP 2 and also put a different antivirus program on it...
I hope she is taken care of now; I'll just have to drop by her place every month to check that everything is really OK ;) otherwise I'll get in touch again :pfeiff:

