PC nach Trojanerbefall wirklich sauber?

mar87 · 17.10.2012, 21:09

Hallo liebes Trojaner-Board-Team!

Als mich Anfang dieser Woche der berüchtigte Trojaner mit weißem Bildschirm „Die Webseite kann nicht angezeigt werden“ erwischt hatte, fand ich Gott sei Dank das Forum und die hilfreichen Anleitungen zur Beseitigung des Schädlings.

Nachdem ich mittlerweile alles umgesetzt habe (SCAN mit allen genannten Programmen (Malwarebytes, Adwcleaner, Emsisoft Anti-Malware, ESET, Update des veralteten Java-Programms [inkl. Deinstallation der älteren Versionen], Tool-Bereinigung mit OTL,Löschung der temporären Dateien, Zurückstellung der Sicherheitszonen, Leerung der Systemwiederherstellungen, Aufräumen mit CCleaner etc.) und der PC nun sauber erscheint, möchte ich die letzten Dateien auf meiner externen Festplatte sichern. Bevor ich das mache, möchte ich aber wirklich sicher gehen, dass ich die andere Festplatte nicht doch irgendwie mit Malware infiziere. Durch welchen Scan würdet ihr im Forum erkennen, ob der Computer wirklich sauber ist und ich die Dateien sorg- und gefahrlos sichern kann?

Muss ich den PC nach der Sicherung trotzdem neu aufsetzen, da sich irgendwo noch Reste des Virus verstecken könnten? Sollte ich – obwohl kein Rootkit gefunden wurde – alle Passwörter ändern oder sonstige Vorgehensweisen berücksichtigen, falls ich das bestehende System weiterhin benutzen dürfte?

Für eure Hilfe wäre ich euch sehr dankbar!

Liebe Grüße,
mar87

Hallo nochmal,

wäre toll, wenn jemand eine Antwort parat hätte: Von welchem Programm würdet ihr die LOG Dateien brauchen, um beurteilen zu können, dass mein PC nun sauber ist und ich meine Dateien sorglos auf eine externe Festplatte sichern kann?

LG,
Mar87

cosinus · 19.10.2012, 12:11

Zitat:

Von welchem Programm würdet ihr die LOG Dateien brauchen, um beurteilen zu können, dass mein PC nun sauber ist und ich meine Dateien sorglos auf eine externe Festplatte sichern kann?

Am besten alle vorhandenen Logs posten

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

mar87 · 21.10.2012, 12:44

Danke für die Rückmeldung! Hier die aktuellen Logs:

Malwarebytes Anti-Malware

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.20.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
878 :: 878-PC [Administrator]

Schutz: Aktiviert

20.10.2012 09:30:16
mbam-log-2012-10-20 (09-30-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 322970
Laufzeit: 54 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a15ddb6aa03d7646884cf0a65dd73091
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-20 10:06:19
# local_time=2012-10-20 12:06:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 217923 217923 0 0
# compatibility_mode=5893 16776574 100 94 31682394 102354180 0 0
# compatibility_mode=8192 67108863 100 0 116 116 0 0
# scanned=146017
# found=0
# cleaned=0
# scan_time=4589

ADWCleaner:

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 20/10/2012 um 12:23:15 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : 878 - 878-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\878\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files\Common Files\AVG Secure Search

***** [Registrierungsdatenbank] *****

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default 
Datei : C:\Users\878\AppData\Roaming\Mozilla\Firefox\Profiles\r9bisenm.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v13.0.782.220

Datei : C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\878\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [1391 octets] - [20/10/2012 12:23:15]

########## EOF - C:\AdwCleaner[R3].txt - [1451 octets] ##########

OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.10.2012 12:28:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\878\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,31% Memory free
4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 345,18 Gb Free Space | 74,11% Space Free | Partition Type: NTFS
 
Computer Name: 878-PC | User Name: 878 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\878\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\bgsmsnd.exe (Broadgun Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Clear History\ClearHistory.exe (CS Software)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (cpuz132) -- C:\Users\878\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)
DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (P1120VID) -- C:\Windows\System32\drivers\P1120Vid.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 39 38 76 99 AC CD 01  [binary data]
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\878\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 09:57:36 | 000,000,000 | ---D | M]
 
[2010.10.05 19:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\878\AppData\Roaming\mozilla\Extensions
[2011.09.15 21:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\878\AppData\Roaming\mozilla\Firefox\Profiles\r9bisenm.default\extensions
[2011.09.15 23:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.05 19:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 16:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 20:07:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 10:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 20:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.10.05 19:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 16:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 20:07:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 10:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 20:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.05 19:26:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Secure Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: AVG Safe Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Secure Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
 
O1 HOSTS File: ([2011.10.19 18:03:35 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bgsmsnd.exe] C:\Windows\System32\bgsmsnd.exe (Broadgun Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe (CS Software)
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [Steam] C:\Program Files\Steam1\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9806874B-4621-4D96-B9FC-D8CB4C695FAA}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{614e5986-25f7-11e1-9776-0019666c2b7e}\Shell - "" = AutoRun
O33 - MountPoints2\{614e5986-25f7-11e1-9776-0019666c2b7e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.20 12:26:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\878\Desktop\OTL.exe
[2012.10.20 10:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.17 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.17 20:11:51 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.17 20:11:51 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.17 20:11:22 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.17 20:11:19 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.17 20:11:17 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.17 20:05:33 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.10.17 20:05:33 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.10.17 20:05:13 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.10.17 20:05:13 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.10.17 20:05:13 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.10.17 20:04:57 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.10.17 20:04:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.10.17 17:38:24 | 000,000,000 | ---D | C] -- C:\Users\878\AppData\Roaming\AVG
[2012.10.17 17:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012.10.17 17:37:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012.10.16 21:01:07 | 000,000,000 | ---D | C] -- C:\Users\878\Documents\Anti-Malware
[2012.10.16 19:11:14 | 000,000,000 | ---D | C] -- C:\Users\878\AppData\Roaming\Malwarebytes
[2012.10.16 19:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 19:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 19:11:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.16 19:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.07 01:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\jsxpwvikfsxuuug
[2012.10.06 01:30:50 | 000,000,000 | ---D | C] -- C:\Users\878\AppData\Roaming\TuneUp Software
[2012.10.06 01:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2012.10.06 01:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.06 01:30:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2 C:\Users\878\Desktop\*.tmp files -> C:\Users\878\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.20 12:26:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\878\Desktop\OTL.exe
[2012.10.20 12:24:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.20 12:23:05 | 000,538,941 | ---- | M] () -- C:\Users\878\Desktop\adwcleaner.exe
[2012.10.20 12:00:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.20 09:29:26 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.20 09:21:54 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.20 09:21:54 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.20 09:18:27 | 098,159,440 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.10.20 09:14:47 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.20 09:14:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.20 09:14:35 | 1610,006,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 20:10:54 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.10.17 20:10:52 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.10.17 20:10:52 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.10.17 20:10:52 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.10.17 20:10:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.10.17 20:10:52 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.10.16 22:00:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.16 22:00:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.10.07 01:02:45 | 000,074,137 | ---- | M] () -- C:\ProgramData\eatstoapzfibbbc
[2012.10.05 20:36:52 | 000,378,368 | ---- | M] () -- C:\Users\878\Desktop\P1070175-pic.jpg
[2012.10.05 18:31:57 | 000,272,670 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.10.03 00:52:48 | 000,121,837 | ---- | M] () -- C:\Users\878\Desktop\IMG_0210.JPG
[2012.10.02 16:12:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.02 16:12:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.02 16:12:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.02 16:12:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Users\878\Desktop\*.tmp files -> C:\Users\878\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.20 12:17:08 | 000,538,941 | ---- | C] () -- C:\Users\878\Desktop\adwcleaner.exe
[2012.10.16 19:11:05 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 01:02:39 | 000,074,137 | ---- | C] () -- C:\ProgramData\eatstoapzfibbbc
[2012.10.05 20:36:52 | 000,378,368 | ---- | C] () -- C:\Users\878\Desktop\P1070175-pic.jpg
[2012.10.03 00:52:48 | 000,121,837 | ---- | C] () -- C:\Users\878\Desktop\IMG_0210.JPG
[2012.08.21 08:27:53 | 000,027,520 | ---- | C] () -- C:\Users\878\AppData\Local\dt.dat
[2012.05.29 21:52:21 | 000,000,889 | ---- | C] () -- C:\Users\878\AppData\Local\recently-used.xbel
[2011.11.23 17:15:43 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{B99A73A0-AA41-4986-A67D-7E8B18B48CBE}
[2011.09.30 11:07:23 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{EC113985-85DB-4DC2-9ADE-06367B0D5E54}
[2011.08.09 13:06:31 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2011.08.09 13:06:31 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011.08.09 13:06:31 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2011.08.09 13:06:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2011.08.07 00:41:05 | 000,216,776 | ---- | C] () -- C:\Windows\System32\bgsserv.exe
[2011.08.07 00:41:05 | 000,128,712 | ---- | C] () -- C:\Windows\System32\bgsreses.dll
[2011.08.07 00:41:05 | 000,127,176 | ---- | C] () -- C:\Windows\System32\bgsresfr.dll
[2011.08.07 00:41:05 | 000,125,640 | ---- | C] () -- C:\Windows\System32\bgsresit.dll
[2011.08.07 00:41:05 | 000,123,592 | ---- | C] () -- C:\Windows\System32\bgsrespt.dll
[2011.08.07 00:41:05 | 000,123,080 | ---- | C] () -- C:\Windows\System32\bgsrespl.dll
[2011.08.07 00:41:05 | 000,121,032 | ---- | C] () -- C:\Windows\System32\bgsresde.dll
[2011.08.07 00:41:05 | 000,119,496 | ---- | C] () -- C:\Windows\System32\bgsresen.dll
[2011.08.07 00:41:05 | 000,119,496 | ---- | C] () -- C:\Windows\System32\bgsresda.dll
[2011.08.07 00:41:05 | 000,061,640 | ---- | C] () -- C:\Windows\System32\bgspmnt.dll
[2011.06.21 11:45:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.21 11:44:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.29 19:22:15 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{68A286C1-2FC3-4162-8592-165066DD8103}
[2011.03.20 04:10:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.03.01 17:33:21 | 000,000,807 | ---- | C] () -- C:\Users\878\AppData\Roaming\FrameFun.ini
[2011.01.22 19:15:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.01.22 19:15:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.01.20 05:26:12 | 000,004,096 | -H-- | C] () -- C:\Users\878\AppData\Local\keyfile3.drm
[2010.12.18 18:42:30 | 000,004,608 | ---- | C] () -- C:\Users\878\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 22:48:33 | 000,074,219 | ---- | C] () -- C:\Windows\hpqins16.dat
[2010.10.05 20:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.24 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AlawarSouthpoint
[2012.10.17 17:38:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG
[2011.11.30 03:23:04 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG2012
[2012.09.15 22:39:30 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Boomzap
[2010.11.10 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\CR120TWN
[2010.11.10 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\CR330TWN
[2010.12.13 05:02:19 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\DeepBurner
[2012.09.15 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\ERS Game Studios
[2011.03.20 03:37:02 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Floodlight Games
[2010.10.05 19:26:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit
[2010.10.05 19:26:45 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit Software
[2011.02.23 23:27:27 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GameHouse
[2011.02.25 01:20:54 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GamersDigital
[2011.01.31 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GARMIN
[2011.03.20 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Gogii
[2010.10.05 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\IrfanView
[2011.02.25 00:13:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\LittleGamesCompany
[2011.04.14 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MAGIX
[2012.09.15 15:31:34 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MumboJumbo
[2010.10.05 19:29:35 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Opera
[2012.09.15 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Orneon
[2012.05.29 22:03:04 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PhotoScape
[2011.06.24 21:34:21 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PlayFirst
[2012.09.10 22:42:14 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\RenPy
[2011.02.23 20:35:47 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Skip-Bo
[2011.08.09 13:06:36 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Softinterface, Inc
[2012.05.29 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Thinstall
[2012.09.15 23:52:29 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Top Evidence
[2012.10.06 01:30:50 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\TuneUp Software
[2010.11.12 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Uniblue
[2012.09.15 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\URSE Games
[2011.03.20 03:55:57 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\VampireSaga
[2011.08.09 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\WordToPDF
[2011.08.06 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\XnView
[2011.02.25 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011.07.16 02:26:42 | 014,814,100 | ---- | M] ()(C:\Users\878\Documents\????, ????? ??????????, ??? 2010.wmv) -- C:\Users\878\Documents\Саня, Точка невозврата, НТВ 2010.wmv
[2011.07.16 02:25:52 | 014,814,100 | ---- | C] ()(C:\Users\878\Documents\????, ????? ??????????, ??? 2010.wmv) -- C:\Users\878\Documents\Саня, Точка невозврата, НТВ 2010.wmv
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0168CC60
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C82CA1C0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D621CFB8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:32289BE8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:10CB85CA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EBF0842B

< End of report >

--- --- ---

cosinus · 21.10.2012, 12:52

Wieso denn jetzt aktuelle Logs, ich wollte die schon von Malwarebytes vorhandenen Log mit den Funden sehen! An "leeren" Logs seh ich doch nicht welche Infektion du hattest!

mar87 · 21.10.2012, 13:04

Entschuldigung, dachte, so kann man überprüfen, ob der PC sauber ist. Hier der damalige Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.16.11

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
878 :: 878-PC [Administrator]

16.10.2012 19:54:17
mbam-log-2012-10-16 (19-54-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 344065
Laufzeit: 36 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|gxrjokqqfrqdnmv (Trojan.Winlock) -> Daten: C:\ProgramData\gxrjokqq.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\gxrjokqq.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 21.10.2012, 13:15

Mehr hat Malwarebytes nicht gefunden oder gib es noch weitere Logs?

mar87 · 21.10.2012, 13:36

Ja, das war alles, was gefunden wurde.

cosinus · 21.10.2012, 15:56

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

mar87 · 21.10.2012, 17:01

Hier das Ergebnis:

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 21/10/2012 um 17:57:24 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : 878 - 878-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\878\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search

***** [Registrierungsdatenbank] *****

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Profilname : default 
Datei : C:\Users\878\AppData\Roaming\Mozilla\Firefox\Profiles\r9bisenm.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v13.0.782.220

Datei : C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.1.1532.0

Datei : C:\Users\878\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R3].txt - [1520 octets] - [20/10/2012 12:23:15]
AdwCleaner[R4].txt - [1580 octets] - [21/10/2012 17:54:14]
AdwCleaner[S1].txt - [1519 octets] - [21/10/2012 17:57:24]

########## EOF - C:\AdwCleaner[S1].txt - [1579 octets] ##########

cosinus · 21.10.2012, 20:04

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

mar87 · 21.10.2012, 20:21

Der PC läuft normal, es gibt weder Einschränkungen bei der Benutzung, noch fehlende Programme bzw. leere Ordner.

cosinus · 22.10.2012, 10:10

Mach bitte einen (neuen) CustomScan mit OTL - das Log davon nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

mar87 · 22.10.2012, 19:36

Hier die neue Logfile:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.10.2012 19:58:28 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\878\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,52% Memory free
4,00 Gb Paging File | 3,02 Gb Available in Paging File | 75,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,75 Gb Total Space | 344,83 Gb Free Space | 74,04% Space Free | Partition Type: NTFS
 
Computer Name: 878-PC | User Name: 878 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\878\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\System32\bgsmsnd.exe (Broadgun Software)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Clear History\ClearHistory.exe (CS Software)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ogmservice) -- C:\Programme\Online Games Manager\ogmservice.exe (RealNetworks, Inc.)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (cpuz132) -- C:\Users\878\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (iBtFltCoex) -- C:\Windows\System32\drivers\iBtFltCoex.sys (Intel Corporation)
DRV - (btmhsf) -- C:\Windows\System32\drivers\btmhsf.sys (Intel Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (P1120VID) -- C:\Windows\System32\drivers\P1120Vid.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 39 38 76 99 AC CD 01  [binary data]
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\878\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 09:57:36 | 000,000,000 | ---D | M]
 
[2010.10.05 19:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\878\AppData\Roaming\mozilla\Extensions
[2011.09.15 21:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\878\AppData\Roaming\mozilla\Firefox\Profiles\r9bisenm.default\extensions
[2011.09.15 23:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.05 19:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 16:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 20:07:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 10:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 20:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.10.05 19:28:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 16:03:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 20:07:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 10:41:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 20:00:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.05 19:26:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\13.0.782.220\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\878\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Secure Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: AVG Safe Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Secure Search = C:\Users\878\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
 
O1 HOSTS File: ([2011.10.19 18:03:35 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (pdfMachine) - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (pdfMachine) - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\System32\spool\drivers\w32x86\3\bgstb.dll (Broadgun Software)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bgsmsnd.exe] C:\Windows\System32\bgsmsnd.exe (Broadgun Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [ClearHistory] C:\Program Files\Clear History\ClearHistory.exe (CS Software)
O4 - HKU\S-1-5-21-4070557579-1729641792-2656704333-1001..\Run: [Steam] C:\Program Files\Steam1\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9806874B-4621-4D96-B9FC-D8CB4C695FAA}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{614e5986-25f7-11e1-9776-0019666c2b7e}\Shell - "" = AutoRun
O33 - MountPoints2\{614e5986-25f7-11e1-9776-0019666c2b7e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: CTRegRun - hkey= - key= - C:\Windows\Ctregrun.exe (Creative Technology Ltd )
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.20 12:26:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\878\Desktop\OTL.exe
[2012.10.20 10:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.17 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.10.17 17:38:24 | 000,000,000 | ---D | C] -- C:\Users\878\AppData\Roaming\AVG
[2012.10.17 17:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012.10.17 17:37:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012.10.16 21:01:07 | 000,000,000 | ---D | C] -- C:\Users\878\Documents\Anti-Malware
[2012.10.16 19:11:14 | 000,000,000 | ---D | C] -- C:\Users\878\AppData\Roaming\Malwarebytes
[2012.10.16 19:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.16 19:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.16 19:11:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.16 19:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.07 01:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\jsxpwvikfsxuuug
[2012.10.06 01:30:50 | 000,000,000 | ---D | C] -- C:\Users\878\AppData\Roaming\TuneUp Software
[2012.10.06 01:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2012.10.06 01:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.06 01:30:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2 C:\Users\878\Desktop\*.tmp files -> C:\Users\878\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.22 20:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.22 19:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\878\Desktop\OTL.exe
[2012.10.22 19:51:31 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 19:51:31 | 000,014,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.22 19:47:45 | 098,300,028 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.10.22 19:44:22 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.22 19:44:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.22 19:44:11 | 1610,006,528 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.22 15:24:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.20 12:23:05 | 000,538,941 | ---- | M] () -- C:\Users\878\Desktop\adwcleaner.exe
[2012.10.20 09:29:26 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 01:02:45 | 000,074,137 | ---- | M] () -- C:\ProgramData\eatstoapzfibbbc
[2012.10.05 20:36:52 | 000,378,368 | ---- | M] () -- C:\Users\878\Desktop\P1070175-pic.jpg
[2012.10.05 18:31:57 | 000,272,670 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.10.03 00:52:48 | 000,121,837 | ---- | M] () -- C:\Users\878\Desktop\IMG_0210.JPG
[2012.10.02 16:12:03 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.02 16:12:03 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.02 16:12:03 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.02 16:12:03 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Users\878\Desktop\*.tmp files -> C:\Users\878\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.20 12:17:08 | 000,538,941 | ---- | C] () -- C:\Users\878\Desktop\adwcleaner.exe
[2012.10.16 19:11:05 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 01:02:39 | 000,074,137 | ---- | C] () -- C:\ProgramData\eatstoapzfibbbc
[2012.10.05 20:36:52 | 000,378,368 | ---- | C] () -- C:\Users\878\Desktop\P1070175-pic.jpg
[2012.10.03 00:52:48 | 000,121,837 | ---- | C] () -- C:\Users\878\Desktop\IMG_0210.JPG
[2012.08.21 08:27:53 | 000,027,520 | ---- | C] () -- C:\Users\878\AppData\Local\dt.dat
[2012.05.29 21:52:21 | 000,000,889 | ---- | C] () -- C:\Users\878\AppData\Local\recently-used.xbel
[2011.11.23 17:15:43 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{B99A73A0-AA41-4986-A67D-7E8B18B48CBE}
[2011.09.30 11:07:23 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{EC113985-85DB-4DC2-9ADE-06367B0D5E54}
[2011.08.09 13:06:31 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage3.dll
[2011.08.09 13:06:31 | 000,761,856 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2011.08.09 13:06:31 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DVM.dll
[2011.08.09 13:06:31 | 000,053,248 | ---- | C] () -- C:\Windows\System32\RegisterExe.exe
[2011.08.07 00:41:05 | 000,216,776 | ---- | C] () -- C:\Windows\System32\bgsserv.exe
[2011.08.07 00:41:05 | 000,128,712 | ---- | C] () -- C:\Windows\System32\bgsreses.dll
[2011.08.07 00:41:05 | 000,127,176 | ---- | C] () -- C:\Windows\System32\bgsresfr.dll
[2011.08.07 00:41:05 | 000,125,640 | ---- | C] () -- C:\Windows\System32\bgsresit.dll
[2011.08.07 00:41:05 | 000,123,592 | ---- | C] () -- C:\Windows\System32\bgsrespt.dll
[2011.08.07 00:41:05 | 000,123,080 | ---- | C] () -- C:\Windows\System32\bgsrespl.dll
[2011.08.07 00:41:05 | 000,121,032 | ---- | C] () -- C:\Windows\System32\bgsresde.dll
[2011.08.07 00:41:05 | 000,119,496 | ---- | C] () -- C:\Windows\System32\bgsresen.dll
[2011.08.07 00:41:05 | 000,119,496 | ---- | C] () -- C:\Windows\System32\bgsresda.dll
[2011.08.07 00:41:05 | 000,061,640 | ---- | C] () -- C:\Windows\System32\bgspmnt.dll
[2011.06.21 11:45:02 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.21 11:44:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.29 19:22:15 | 000,000,000 | ---- | C] () -- C:\Users\878\AppData\Local\{68A286C1-2FC3-4162-8592-165066DD8103}
[2011.03.20 04:10:57 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.03.01 17:33:21 | 000,000,807 | ---- | C] () -- C:\Users\878\AppData\Roaming\FrameFun.ini
[2011.01.22 19:15:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.01.22 19:15:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.01.20 05:26:12 | 000,004,096 | -H-- | C] () -- C:\Users\878\AppData\Local\keyfile3.drm
[2010.12.18 18:42:30 | 000,004,608 | ---- | C] () -- C:\Users\878\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 22:48:33 | 000,074,219 | ---- | C] () -- C:\Windows\hpqins16.dat
[2010.10.05 20:55:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 14:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.02.24 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AlawarSouthpoint
[2012.10.17 17:38:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG
[2011.11.30 03:23:04 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG2012
[2012.09.15 22:39:30 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Boomzap
[2010.11.10 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\CR120TWN
[2010.11.10 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\CR330TWN
[2010.12.13 05:02:19 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\DeepBurner
[2012.09.15 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\ERS Game Studios
[2011.03.20 03:37:02 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Floodlight Games
[2010.10.05 19:26:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit
[2010.10.05 19:26:45 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit Software
[2011.02.23 23:27:27 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GameHouse
[2011.02.25 01:20:54 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GamersDigital
[2011.01.31 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GARMIN
[2011.03.20 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Gogii
[2010.10.05 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\IrfanView
[2011.02.25 00:13:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\LittleGamesCompany
[2011.04.14 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MAGIX
[2012.09.15 15:31:34 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MumboJumbo
[2010.10.05 19:29:35 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Opera
[2012.09.15 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Orneon
[2012.05.29 22:03:04 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PhotoScape
[2011.06.24 21:34:21 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PlayFirst
[2012.09.10 22:42:14 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\RenPy
[2011.02.23 20:35:47 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Skip-Bo
[2011.08.09 13:06:36 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Softinterface, Inc
[2012.05.29 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Thinstall
[2012.09.15 23:52:29 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Top Evidence
[2012.10.06 01:30:50 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\TuneUp Software
[2010.11.12 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Uniblue
[2012.09.15 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\URSE Games
[2011.03.20 03:55:57 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\VampireSaga
[2011.08.09 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\WordToPDF
[2011.08.06 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\XnView
[2011.02.25 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.06 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Adobe
[2011.02.24 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AlawarSouthpoint
[2010.12.17 03:06:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Apple Computer
[2012.10.17 17:38:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG
[2011.11.30 03:23:04 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\AVG2012
[2012.09.15 22:39:30 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Boomzap
[2010.11.10 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\CR120TWN
[2010.11.10 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\CR330TWN
[2012.01.15 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Creative
[2010.12.13 05:02:19 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\DeepBurner
[2012.09.15 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\ERS Game Studios
[2011.03.20 03:37:02 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Floodlight Games
[2010.10.05 19:26:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit
[2010.10.05 19:26:45 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Foxit Software
[2011.02.23 23:27:27 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GameHouse
[2011.02.25 01:20:54 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GamersDigital
[2011.01.31 18:04:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\GARMIN
[2011.03.20 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Gogii
[2011.02.25 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Identities
[2010.10.05 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\IrfanView
[2011.02.25 00:13:44 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\LittleGamesCompany
[2010.10.05 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Macromedia
[2011.04.14 17:40:43 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MAGIX
[2012.10.16 19:11:14 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Malwarebytes
[2009.07.14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Media Center Programs
[2011.07.11 22:29:58 | 000,000,000 | --SD | M] -- C:\Users\878\AppData\Roaming\Microsoft
[2010.10.05 19:26:15 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Mozilla
[2012.09.15 15:31:34 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\MumboJumbo
[2010.12.13 04:28:10 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Nero
[2010.10.05 19:29:35 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Opera
[2012.09.15 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Orneon
[2012.05.29 22:03:04 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PhotoScape
[2011.06.24 21:34:21 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\PlayFirst
[2012.09.10 22:42:14 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\RenPy
[2011.02.23 20:35:47 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Skip-Bo
[2012.10.17 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Skype
[2010.12.11 01:00:08 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\skypePM
[2011.08.09 13:06:36 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Softinterface, Inc
[2012.05.29 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Thinstall
[2012.09.15 23:52:29 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Top Evidence
[2012.10.06 01:30:50 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\TuneUp Software
[2010.11.12 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Uniblue
[2012.09.15 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\URSE Games
[2011.03.20 03:55:57 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\VampireSaga
[2011.11.30 03:23:05 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\vlc
[2012.10.20 15:18:02 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Winamp
[2010.10.09 22:42:19 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\WinRAR
[2011.08.09 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\WordToPDF
[2011.08.06 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\XnView
[2011.02.25 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\878\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011.07.16 02:26:42 | 014,814,100 | ---- | M] ()(C:\Users\878\Documents\????, ????? ??????????, ??? 2010.wmv) -- C:\Users\878\Documents\Саня, Точка невозврата, НТВ 2010.wmv
[2011.07.16 02:25:52 | 014,814,100 | ---- | C] ()(C:\Users\878\Documents\????, ????? ??????????, ??? 2010.wmv) -- C:\Users\878\Documents\Саня, Точка невозврата, НТВ 2010.wmv
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0168CC60
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C82CA1C0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D621CFB8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:32289BE8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:10CB85CA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EBF0842B

< End of report >

--- --- ---

cosinus · 23.10.2012, 15:59

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2012.10.07 01:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\jsxpwvikfsxuuug
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0168CC60
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C82CA1C0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D621CFB8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:32289BE8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:10CB85CA
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:EBF0842B
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

mar87 · 23.10.2012, 20:44

Danke für deine Mühe, hier das Ergebnis:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\ProgramData\jsxpwvikfsxuuug folder moved successfully.
ADS C:\ProgramData\TEMP:0168CC60 deleted successfully.
ADS C:\ProgramData\TEMP:C82CA1C0 deleted successfully.
ADS C:\ProgramData\TEMP:D621CFB8 deleted successfully.
ADS C:\ProgramData\TEMP:32289BE8 deleted successfully.
ADS C:\ProgramData\TEMP:10CB85CA deleted successfully.
ADS C:\ProgramData\TEMP:EBF0842B deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: 878
->Temp folder emptied: 3562544 bytes
->Temporary Internet Files folder emptied: 5745688 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 52865370 bytes
->Google Chrome cache emptied: 104412499 bytes
->Opera cache emptied: 50198223 bytes
->Flash cache emptied: 3658 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60315 bytes
RecycleBin emptied: 602112 bytes
 
Total Files Cleaned = 207,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10232012_213852

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

21.10.2012, 12:52	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PC nach Trojanerbefall wirklich sauber? Wieso denn jetzt aktuelle Logs, ich wollte die schon von Malwarebytes vorhandenen Log mit den Funden sehen! An "leeren" Logs seh ich doch nicht welche Infektion du hattest! __________________ Logfiles bitte immer in CODE-Tags posten

21.10.2012, 13:15	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PC nach Trojanerbefall wirklich sauber? Mehr hat Malwarebytes nicht gefunden oder gib es noch weitere Logs? __________________ --> PC nach Trojanerbefall wirklich sauber?

21.10.2012, 20:04	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PC nach Trojanerbefall wirklich sauber? Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

PC nach Trojanerbefall wirklich sauber?

Plagegeister aller Art und deren Bekämpfung: PC nach Trojanerbefall wirklich sauber?