Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows wurde aus Sicherheitsgründen gesperrt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.03.2012, 17:06   #1
Lenn-Art
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



Hallo, ich habe auch das Problem das ich den Virus/Trojaner habe, durch den der schwarze Bildschirm erscheint mit der Aufforderung Geld zu zahlen.
Ich habe Combofix schon durchlaufen lassen und kann das infizierte Windows 7 nun auch wieder benutzen. Aber Malwarebytes sowie Antivir lassen sich nicht updaten. Error 732 (0,0). Habe die Firewall ausgestellt und die Lan Einstellungen überprüft (Automatische Suche der Einstellungen), es geht trotzdem nicht.

Hier der Combofix Log
Code:
ATTFilter
ComboFix 12-03-27.03 - Speed-PC 28.03.2012  17:39:50.3.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.2532 [GMT 2:00]
ausgeführt von:: e:\users\Speed-PC\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-28  ))))))))))))))))))))))))))))))
.
.
2012-03-28 15:44 . 2012-03-28 15:44	--------	d-----w-	e:\users\Default\AppData\Local\temp
2012-03-28 15:33 . 2012-03-28 15:33	--------	d-----w-	e:\program files\CCleaner
2012-03-27 23:18 . 2012-03-14 03:27	8669240	----a-w-	e:\programdata\Microsoft\Windows Defender\Definition Updates\{FAE734C0-4642-4045-BD07-D30281991C34}\mpengine.dll
2012-03-27 23:12 . 2012-03-27 23:12	--------	d-----w-	e:\users\Speed-PC\AppData\Roaming\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:54	38224	----a-w-	e:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-27 23:12 . 2012-03-27 23:12	--------	d-----w-	e:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 23:12 . 2012-03-27 23:12	--------	d-----w-	e:\programdata\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:53	22104	----a-w-	e:\windows\system32\drivers\mbam.sys
2012-03-26 17:16 . 2012-03-26 17:16	--------	d-----w-	e:\users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
2012-03-19 18:29 . 2012-03-19 18:29	592824	----a-w-	e:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29	44472	----a-w-	e:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2011-11-19 18:30	5504880	----a-w-	e:\windows\system32\ntoskrnl.exe
2012-03-14 10:15 . 2011-11-19 14:25	3957616	----a-w-	e:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:15 . 2011-11-19 14:25	3902320	----a-w-	e:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:44 . 2012-02-15 06:27	1031680	----a-w-	e:\windows\system32\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 05:44	826368	----a-w-	e:\windows\SysWow64\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 04:47	204800	----a-w-	e:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:44 . 2012-02-15 04:46	23552	----a-w-	e:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-03-02 17:52	279656	------w-	e:\windows\system32\MpSigStub.exe
2012-02-21 10:26 . 2012-02-21 10:26	86528	----a-w-	e:\windows\SysWow64\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26	76800	----a-w-	e:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26	74752	----a-w-	e:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26	63488	----a-w-	e:\windows\SysWow64\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26	48640	----a-w-	e:\windows\SysWow64\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26	367104	----a-w-	e:\windows\SysWow64\html.iec
2012-02-21 10:26 . 2012-02-21 10:26	1798656	----a-w-	e:\windows\SysWow64\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26	161792	----a-w-	e:\windows\SysWow64\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26	1127424	----a-w-	e:\windows\SysWow64\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26	110592	----a-w-	e:\windows\SysWow64\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26	74752	----a-w-	e:\windows\SysWow64\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26	89088	----a-w-	e:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26	420864	----a-w-	e:\windows\SysWow64\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26	35840	----a-w-	e:\windows\SysWow64\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26	2382848	----a-w-	e:\windows\SysWow64\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26	2382848	----a-w-	e:\windows\system32\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26	23552	----a-w-	e:\windows\SysWow64\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26	222208	----a-w-	e:\windows\system32\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26	173056	----a-w-	e:\windows\system32\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26	152064	----a-w-	e:\windows\SysWow64\wextract.exe
2012-02-21 10:26 . 2012-02-21 10:26	150528	----a-w-	e:\windows\SysWow64\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26	142848	----a-w-	e:\windows\SysWow64\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26	1427456	----a-w-	e:\windows\SysWow64\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26	1390080	----a-w-	e:\windows\system32\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26	11776	----a-w-	e:\windows\SysWow64\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26	101888	----a-w-	e:\windows\SysWow64\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26	91648	----a-w-	e:\windows\system32\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26	85504	----a-w-	e:\windows\system32\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26	76800	----a-w-	e:\windows\system32\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26	49664	----a-w-	e:\windows\system32\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26	48640	----a-w-	e:\windows\system32\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26	448512	----a-w-	e:\windows\system32\html.iec
2012-02-21 10:26 . 2012-02-21 10:26	30720	----a-w-	e:\windows\system32\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26	2308096	----a-w-	e:\windows\system32\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26	1493504	----a-w-	e:\windows\system32\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26	135168	----a-w-	e:\windows\system32\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26	12288	----a-w-	e:\windows\system32\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26	114176	----a-w-	e:\windows\system32\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26	111616	----a-w-	e:\windows\system32\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26	603648	----a-w-	e:\windows\system32\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26	165888	----a-w-	e:\windows\system32\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26	160256	----a-w-	e:\windows\system32\wextract.exe
2012-02-04 10:04 . 2012-02-04 10:04	67584	----a-w-	e:\windows\system32\drivers\vrtaucbl.sys
2012-02-04 00:17 . 2012-02-04 00:17	419840	----a-w-	e:\windows\system32\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17	413696	----a-w-	e:\windows\SysWow64\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17	133632	----a-w-	e:\windows\system32\OpenAL32.dll
2012-02-04 00:17 . 2012-02-04 00:17	110592	----a-w-	e:\windows\SysWow64\OpenAL32.dll
2012-02-03 21:45 . 2011-11-15 10:37	414368	----a-w-	e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:36 . 2012-02-03 21:36	335288	----a-w-	e:\windows\system32\drivers\acedrv11.sys
2012-01-04 09:58 . 2012-02-16 10:13	509952	----a-w-	e:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 10:13	442880	----a-w-	e:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-16 10:13	515584	----a-w-	e:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-16 10:13	478208	----a-w-	e:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-27_23.07.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 21:47 . 2012-03-28 13:46	48886              e:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-28 13:46	32548              e:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-03 09:29 . 2012-03-28 13:46	14766              e:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3023865418-1405554827-2073565710-1001_UserData.bin
- 2010-03-02 17:32 . 2012-03-23 23:30	16384              e:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:32 . 2012-03-28 15:33	16384              e:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-02 17:32 . 2012-03-28 15:33	32768              e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-02 17:32 . 2012-03-23 23:30	32768              e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 15:33	16384              e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-23 23:30	16384              e:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-28 13:27	93624              e:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-27 23:06 . 2012-03-27 23:06	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 15:46 . 2012-03-28 15:46	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 15:46 . 2012-03-28 15:46	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-27 23:06 . 2012-03-27 23:06	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-27 22:57	616032              e:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-28 13:48	616032              e:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-03-28 13:48	654150              e:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-03-27 22:57	654150              e:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-28 13:48	106412              e:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-27 22:57	106412              e:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-03-27 22:57	130022              e:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-03-28 13:48	130022              e:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-27 23:05	325052              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-28 15:45	325052              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-11 23:38 . 2012-03-27 23:05	2351488              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-11 23:38 . 2012-03-28 13:42	2351488              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-03 14:42 . 2012-03-28 15:45	1659077              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-12288.dat
- 2011-11-03 14:42 . 2012-02-04 00:18	1659077              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-12288.dat
+ 2009-07-14 02:34 . 2012-03-28 14:30	10485760              e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-26 17:16	10485760              e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-12 01:11 . 2012-03-28 15:45	17088044              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51	919408	----a-w-	e:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29	241872	----a-w-	e:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "e:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="e:\users\Speed-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="e:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SoundMAXPnP"="e:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"LifeCam"="e:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - e:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-08 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;e:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;e:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;e:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;e:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;e:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;e:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);e:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);e:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;e:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-28 e:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\programme win7\bin\win64\MATLABStartupAccelerator.exe [2011-11-02 14:34]
.
.
--------- x86-64 -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=drive
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube Download - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 83.169.185.161 83.169.185.225
FF - ProfilePath - e:\users\Speed-PC\AppData\Roaming\Mozilla\Firefox\Profiles\691qcyz4.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 84cbead70000000000007a7905a871f7
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:34
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
e:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
e:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28  17:50:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-28 15:50
ComboFix2.txt  2012-03-28 13:53
ComboFix3.txt  2012-03-27 23:11
.
Vor Suchlauf: 18 Verzeichnis(se), 23.087.230.976 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 23.413.313.536 Bytes frei
.
- - End Of File - - A9AF9F24F596276D2241C7F1DD4E97EA
         

Würde mich sehr über Hilfe freuen.

Alt 28.03.2012, 17:30   #2
markusg
/// Malware-holic
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



hi,
du hast schon gelesen was bei combofix dabei steht... nicht auf eigene faust einsetzen..
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 28.03.2012, 17:34   #3
Lenn-Art
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



OTL text.
Code:
ATTFilter
OTL logfile created on: 28.03.2012 18:18:17 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = E:\Users\Speed-PC\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,72% Memory free
8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 3,21 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 751,62 Gb Free Space | 90,14% Space Free | Partition Type: NTFS
Drive E: | 117,74 Gb Total Space | 21,80 Gb Free Space | 18,52% Space Free | Partition Type: NTFS
Drive F: | 580,90 Gb Total Space | 111,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive I: | 19,53 Gb Total Space | 19,45 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
Drive J: | 16,22 Gb Total Space | 16,14 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive K: | 163,93 Gb Total Space | 83,21 Gb Free Space | 50,76% Space Free | Partition Type: NTFS
Drive L: | 152,87 Gb Total Space | 1,98 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive M: | 3,60 Gb Total Space | 2,37 Gb Free Space | 65,83% Space Free | Partition Type: FAT32
 
Computer Name: SPEED | User Name: Speed-PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.28 18:13:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Users\Speed-PC\Desktop\OTL.exe
PRC - [2012.03.13 06:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- E:\Users\Speed-PC\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.02 14:48:14 | 000,075,136 | ---- | M] () -- E:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- E:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- E:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.26 04:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- E:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.05.20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- E:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010.01.23 08:12:18 | 000,673,792 | ---- | M] () [Auto | Running] -- E:\Program Files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe -- (mitsijm2011)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- E:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.03.28 00:42:56 | 003,417,376 | ---- | M] () [Auto | Running] -- e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011.10.02 14:48:14 | 000,075,136 | ---- | M] () [Auto | Running] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- E:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- E:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.11.09 23:56:10 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- E:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2009.07.21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.04 12:04:30 | 000,067,584 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2012.02.03 23:36:28 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- E:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2011.11.02 22:14:31 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- E:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.11.02 14:57:12 | 000,526,392 | ---- | M] () [Kernel | Boot | Running] -- E:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.10.26 05:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.10.26 05:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 03:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.04.12 11:45:50 | 000,018,432 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\HPub4DE3.sys -- (HPub4DE3) USB Mouse Low Filter Driver_4DE3 (WDF Version)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- E:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 10:44:44 | 000,025,088 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\HPMo4DE3.sys -- (HPMo4DE3) Mouse Suite Driver_4DE3 (WDF Version)
DRV:64bit: - [2010.05.20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.03 23:47:15 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 19:46:08 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- E:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- E:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.08.08 18:54:12 | 000,035,624 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- E:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = E:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=drive
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E2 57 D7 36 DE CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=drive&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: E:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: E:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: E:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: E:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Program Files (x86)\Mozilla Firefox\components [2012.03.19 20:29:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.03 23:36:29 | 000,000,000 | ---D | M]
 
[2011.10.11 15:27:57 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Extensions
[2012.02.24 20:50:22 | 000,000,000 | ---D | M] (No name found) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions
[2012.02.16 12:54:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.24 20:50:22 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.03 23:42:24 | 000,000,000 | ---D | M] (Softonic Toolbar) -- E:\Users\Speed-PC\AppData\Roaming\mozilla\Firefox\Profiles\691qcyz4.default\extensions\ffxtlbra@softonic.com
[2012.01.19 08:55:20 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\mozilla firefox\extensions
[2010.12.22 19:06:23 | 000,000,000 | ---D | M] (Skype extension) -- E:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- E:\USERS\SPEED-PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\691QCYZ4.DEFAULT\EXTENSIONS\{988DA70D-B78D-44A1-A9C7-ED11832A9E2E}.XPI
[2012.03.19 20:29:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.03 23:42:19 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 23:42:19 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.03 23:42:19 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.28 14:04:48 | 000,002,048 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchdrive.xml
[2012.02.03 23:42:19 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 23:42:19 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 23:42:19 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.28 17:46:52 | 000,000,027 | ---- | M]) - E:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - E:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - E:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - E:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LifeCam] E:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] E:\Users\Speed-PC\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - E:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2BDCE44-340C-45F5-B1D5-D60CEF90790F}: DhcpNameServer = 83.169.185.161 83.169.185.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E52F0E1D-F63B-4BD7-B333-520AB3EA1311}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (E:\Windows\system32\userinit.exe) - E:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\Windows\system32\userinit.exe) - E:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.08 12:25:43 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.11.09 23:58:53 | 000,000,000 | ---D | M] - D:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.11.09 23:56:34 | 000,000,000 | ---D | M] - D:\autodesk inventor -- [ NTFS ]
O32 - AutoRun File - [2009.11.17 20:01:09 | 000,000,000 | ---D | M] - D:\autodesk mechanikel -- [ NTFS ]
O32 - AutoRun File - [2009.03.20 17:42:25 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3632E75D-5A43-2F8C-C58C-A06A93A0FE1D} - Browser Customizations
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {56340C08-7C03-D387-415C-74987CFF5C1D} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {5DAA5708-0450-D925-47AB-C74C7DE14946} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7E708BFC-558E-59AD-CC82-167744122775} - Internet Explorer
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\Windows\system32\Rundll32.exe E:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E414996F-0FE9-2F05-128E-C13F9B0A8D2F} - DirectX
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {F6728ED5-C77B-6922-8AAA-325ADDD91046} - Themes Setup
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\Windows\System32\rundll32.exe" "E:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\Windows\SysWOW64\Rundll32.exe E:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\Windows\SysWOW64\rundll32.exe" "E:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - E:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: E:^Users^Speed-PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Free Music Zilla.lnk - E:\PROGRA~2\FREEMU~1\FMZilla.exe - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - E:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EADM - hkey= - key= - D:\Programme Win7\Origin\Origin.exe (Electronic Arts)
MsConfig:64bit - StartUpReg: facemoods - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - E:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: VX1000 - hkey= - key= - E:\Windows\vVX1000.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - E:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.28 18:13:02 | 000,593,920 | ---- | C] (OldTimer Tools) -- E:\Users\Speed-PC\Desktop\OTL.exe
[2012.03.28 17:50:53 | 000,000,000 | ---D | C] -- E:\Windows\temp
[2012.03.28 17:46:56 | 000,000,000 | ---D | C] -- E:\$RECYCLE.BIN
[2012.03.28 17:38:52 | 000,000,000 | ---D | C] -- E:\cofi.exe
[2012.03.28 17:33:32 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.03.28 17:33:32 | 000,000,000 | ---D | C] -- E:\Program Files\CCleaner
[2012.03.28 17:32:04 | 004,448,391 | R--- | C] (Swearware) -- E:\Users\Speed-PC\Desktop\cofi.exe.exe
[2012.03.28 01:12:30 | 000,000,000 | ---D | C] -- E:\Users\Speed-PC\AppData\Roaming\Malwarebytes
[2012.03.28 01:12:28 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.28 01:12:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012.03.28 01:12:24 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- E:\Windows\SysNative\drivers\mbam.sys
[2012.03.28 01:12:24 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.28 01:12:24 | 000,000,000 | ---D | C] -- E:\ProgramData\Malwarebytes
[2012.03.28 00:56:22 | 000,518,144 | ---- | C] (SteelWerX) -- E:\Windows\SWREG.exe
[2012.03.28 00:56:22 | 000,406,528 | ---- | C] (SteelWerX) -- E:\Windows\SWSC.exe
[2012.03.28 00:56:22 | 000,060,416 | ---- | C] (NirSoft) -- E:\Windows\NIRCMD.exe
[2012.03.28 00:56:19 | 000,000,000 | ---D | C] -- E:\Windows\ERDNT
[2012.03.28 00:56:16 | 000,000,000 | ---D | C] -- E:\Qoobox
[2012.03.26 19:16:10 | 000,000,000 | ---D | C] -- E:\Users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.28 18:13:03 | 000,593,920 | ---- | M] (OldTimer Tools) -- E:\Users\Speed-PC\Desktop\OTL.exe
[2012.03.28 17:54:27 | 000,013,264 | -H-- | M] () -- E:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 17:54:27 | 000,013,264 | -H-- | M] () -- E:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.28 17:51:19 | 001,498,742 | ---- | M] () -- E:\Windows\SysNative\PerfStringBackup.INI
[2012.03.28 17:51:19 | 000,654,150 | ---- | M] () -- E:\Windows\SysNative\perfh007.dat
[2012.03.28 17:51:19 | 000,616,032 | ---- | M] () -- E:\Windows\SysNative\perfh009.dat
[2012.03.28 17:51:19 | 000,130,022 | ---- | M] () -- E:\Windows\SysNative\perfc007.dat
[2012.03.28 17:51:19 | 000,106,412 | ---- | M] () -- E:\Windows\SysNative\perfc009.dat
[2012.03.28 17:46:52 | 000,000,027 | ---- | M] () -- E:\Windows\SysNative\drivers\etc\hosts
[2012.03.28 17:46:37 | 000,000,500 | ---- | M] () -- E:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.03.28 17:46:19 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012.03.28 17:46:07 | 3220,475,904 | -HS- | M] () -- E:\hiberfil.sys
[2012.03.28 17:33:32 | 000,000,827 | ---- | M] () -- E:\Users\Public\Desktop\CCleaner.lnk
[2012.03.28 01:12:28 | 000,001,018 | ---- | M] () -- E:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012.03.28 00:52:56 | 004,448,391 | R--- | M] (Swearware) -- E:\Users\Speed-PC\Desktop\cofi.exe.exe
[2012.03.15 12:53:51 | 000,403,208 | ---- | M] () -- E:\Windows\SysNative\FNTCACHE.DAT
[2012.02.29 14:18:04 | 000,001,171 | ---- | M] () -- E:\Users\Speed-PC\Documents\esti.m3u
 
========== Files Created - No Company Name ==========
 
[2012.03.28 17:33:32 | 000,000,827 | ---- | C] () -- E:\Users\Public\Desktop\CCleaner.lnk
[2012.03.28 01:12:28 | 000,001,018 | ---- | C] () -- E:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012.03.28 00:56:22 | 000,256,000 | ---- | C] () -- E:\Windows\PEV.exe
[2012.03.28 00:56:22 | 000,208,896 | ---- | C] () -- E:\Windows\MBR.exe
[2012.03.28 00:56:22 | 000,098,816 | ---- | C] () -- E:\Windows\sed.exe
[2012.03.28 00:56:22 | 000,080,412 | ---- | C] () -- E:\Windows\grep.exe
[2012.03.28 00:56:22 | 000,068,096 | ---- | C] () -- E:\Windows\zip.exe
[2012.02.29 14:18:04 | 000,001,171 | ---- | C] () -- E:\Users\Speed-PC\Documents\esti.m3u
[2012.02.19 00:23:50 | 000,000,056 | -H-- | C] () -- E:\ProgramData\ezsidmv.dat
[2011.11.23 13:37:43 | 000,000,337 | ---- | C] () -- E:\Users\Speed-PC\AppData\Local\Perfmon.PerfmonCfg
[2011.10.26 03:38:38 | 000,204,952 | ---- | C] () -- E:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 03:38:38 | 000,157,144 | ---- | C] () -- E:\Windows\SysWow64\ativvsva.dat
[2011.09.14 12:47:40 | 000,053,760 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2010.06.15 17:46:07 | 000,019,456 | ---- | C] () -- E:\Users\Speed-PC\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2010.08.27 19:30:22 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\algomahe.de
[2010.12.31 18:43:19 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Amazon
[2011.01.04 16:04:08 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Autodesk
[2011.11.18 15:58:28 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\benibela
[2012.03.28 17:35:38 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DAEMON Tools Lite
[2012.03.28 17:35:38 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DAEMON Tools Pro
[2012.02.24 20:45:44 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoft
[2012.02.24 20:45:39 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.28 14:30:16 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\FMZilla
[2012.03.26 19:16:12 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
[2011.01.05 23:11:40 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\kikin
[2010.08.23 00:36:03 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\LolClient
[2011.10.02 14:29:10 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Origin
[2012.02.03 23:43:14 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\SplitMediaLabs
[2010.06.07 22:42:29 | 000,000,000 | ---D | M] -- E:\Users\Speed-PC\AppData\Roaming\Teeworlds
[2012.03.28 17:46:37 | 000,000,500 | ---- | M] () -- E:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.01.15 07:20:08 | 000,032,632 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.03.28 17:46:56 | 000,000,000 | ---D | M] -- E:\$RECYCLE.BIN
[2009.11.16 18:30:00 | 000,000,000 | ---D | M] -- E:\ATI
[2012.03.28 17:50:54 | 000,000,000 | ---D | M] -- E:\cofi.exe
[2011.11.02 15:57:24 | 000,000,000 | ---D | M] -- E:\Documents
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- E:\Documents and Settings
[2009.01.05 21:20:29 | 000,000,000 | -HSD | M] -- E:\Dokumente und Einstellungen
[2010.05.30 14:08:14 | 000,000,000 | ---D | M] -- E:\found.000
[2009.01.05 21:34:38 | 000,000,000 | ---D | M] -- E:\Intel
[2010.05.08 12:50:02 | 000,000,000 | ---D | M] -- E:\MITSI 2011 Temporary Files
[2010.11.30 22:54:45 | 000,000,000 | R--D | M] -- E:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- E:\PerfLogs
[2012.03.28 17:33:32 | 000,000,000 | R--D | M] -- E:\Program Files
[2012.03.28 01:12:24 | 000,000,000 | R--D | M] -- E:\Program Files (x86)
[2012.03.28 01:12:24 | 000,000,000 | ---D | M] -- E:\ProgramData
[2009.01.05 21:20:29 | 000,000,000 | -HSD | M] -- E:\Programme
[2009.06.08 16:58:13 | 000,000,000 | ---D | M] -- E:\Programs
[2012.03.28 17:50:54 | 000,000,000 | ---D | M] -- E:\Qoobox
[2010.03.02 19:36:40 | 000,000,000 | ---D | M] -- E:\Recovery
[2012.03.28 18:19:27 | 000,000,000 | -HSD | M] -- E:\System Volume Information
[2012.03.24 20:32:28 | 000,000,000 | ---D | M] -- E:\temp
[2010.03.02 19:36:49 | 000,000,000 | R--D | M] -- E:\Users
[2012.03.28 17:50:53 | 000,000,000 | ---D | M] -- E:\Windows
[2012.02.04 12:02:46 | 000,000,000 | ---D | M] -- E:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- E:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- E:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- E:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- E:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\ERDNT\cache86\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- E:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- E:\Users\Speed-PC\Desktop\Downloads\IMSM_V8901023\IMSM_V8901023\Driver\Disk\f6flpy64\IaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- E:\Users\Speed-PC\Desktop\Downloads\IMSM_V8901023\IMSM_V8901023\Driver\Disk\f6flpy32\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- E:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- E:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- E:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- E:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- E:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- E:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- E:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- E:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- E:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- E:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- E:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- E:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- E:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.11.18 16:02:40 | 000,000,600 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.aux
[2011.11.18 16:02:40 | 000,050,338 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.log
[2011.11.18 16:02:40 | 000,000,000 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.nlo
[2011.11.18 16:02:40 | 000,000,000 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.out
[2011.11.18 16:01:55 | 000,007,991 | ---- | M] () -- E:\Users\Speed-PC\Bachelorarbeit.tex
[2010.08.27 19:10:20 | 000,036,280 | ---- | M] () -- E:\Users\Speed-PC\GamingC.mac
[2012.03.28 18:19:15 | 003,932,160 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT
[2012.03.28 18:19:15 | 000,262,144 | -HS- | M] () -- E:\Users\Speed-PC\ntuser.dat.LOG1
[2010.03.02 19:36:51 | 000,000,000 | -HS- | M] () -- E:\Users\Speed-PC\ntuser.dat.LOG2
[2010.03.03 02:19:45 | 000,065,536 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.03 02:19:45 | 000,524,288 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.03 02:19:45 | 000,524,288 | -HS- | M] () -- E:\Users\Speed-PC\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.02 19:36:52 | 000,000,020 | -HS- | M] () -- E:\Users\Speed-PC\ntuser.ini
[2010.11.30 22:34:04 | 000,013,312 | ---- | M] () -- E:\Users\Speed-PC\s1.xls
[2010.11.30 22:31:19 | 000,186,546 | ---- | M] () -- E:\Users\Speed-PC\Stückliste 1.xml
[2010.11.30 22:31:32 | 000,186,546 | ---- | M] () -- E:\Users\Speed-PC\Stückliste 2.xml
[2010.11.30 23:11:14 | 000,051,490 | ---- | M] () -- E:\Users\Speed-PC\Stückliste.pdf
[2010.11.30 22:55:00 | 000,024,576 | ---- | M] () -- E:\Users\Speed-PC\Stückliste.xls
[2010.11.30 23:11:06 | 000,013,677 | ---- | M] () -- E:\Users\Speed-PC\Stückliste.xlsx
[2010.08.27 19:26:56 | 000,005,546 | ---- | M] () -- E:\Users\Speed-PC\XMBCSettings.xml
[2010.08.27 19:28:32 | 000,003,657 | ---- | M] () -- E:\Users\Speed-PC\XMouseButtonControl.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

Extras txt.

Code:
ATTFilter
OTL Extras logfile created on: 28.03.2012 18:18:17 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = E:\Users\Speed-PC\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,72% Memory free
8,00 Gb Paging File | 6,53 Gb Available in Paging File | 81,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 3,21 Gb Free Space | 3,29% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 751,62 Gb Free Space | 90,14% Space Free | Partition Type: NTFS
Drive E: | 117,74 Gb Total Space | 21,80 Gb Free Space | 18,52% Space Free | Partition Type: NTFS
Drive F: | 580,90 Gb Total Space | 111,68 Gb Free Space | 19,23% Space Free | Partition Type: NTFS
Drive I: | 19,53 Gb Total Space | 19,45 Gb Free Space | 99,55% Space Free | Partition Type: NTFS
Drive J: | 16,22 Gb Total Space | 16,14 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
Drive K: | 163,93 Gb Total Space | 83,21 Gb Free Space | 50,76% Space Free | Partition Type: NTFS
Drive L: | 152,87 Gb Total Space | 1,98 Gb Free Space | 1,29% Space Free | Partition Type: NTFS
Drive M: | 3,60 Gb Total Space | 2,37 Gb Free Space | 65,83% Space Free | Partition Type: FAT32
 
Computer Name: SPEED | User Name: Speed-PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- E:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "E:\Windows\System32\rundll32.exe" "E:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "E:\Windows\System32\rundll32.exe" "E:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = E:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
"E:\Program Files (x86)\Free Music Zilla\FMZilla.exe" = E:\Program Files (x86)\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52FB2985-F3AD-DAA7-7645-4E38A5B96E17}" = AMD Catalyst Install Manager
"{5783F2D7-9005-0407-1102-0060B0CE6BBA}" = AutoCAD Mechanical 2011 Language Pack - Deutsch
"{5783F2D7-9005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2011
"{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{7244B345-B413-408B-9D04-F55BE1CC93FA}" = Autodesk Inventor Content Center Libraries 2011 (Desktop Content)
"{7F4DD591-1564-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2011
"{7F4DD591-1564-0409-0001-7107D70F3DB4}" = Autodesk Inventor Professional 2011 Language Pack - Deutsch
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{ACF9459F-3585-487A-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client)
"{ACF9459F-3585-487F-A84E-B1A3A0D12165}" = Autodesk Vault 2011 (Client) German Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD Mechanical 2011" = AutoCAD Mechanical 2011
"AutoCAD Mechanical 2011 Version 2" = AutoCAD Mechanical 2011 Version 2
"Autodesk Inventor Professional 2011" = Autodesk Inventor Professional 2011 Deutsch
"CCleaner" = CCleaner
"DWG TrueView 2011" = DWG TrueView 2011
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Virtual Audio Cable 4.9" = Virtual Audio Cable 4.9
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = Catalyst Control Center
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73E80655-FB3C-46F4-BE00-62D248BC490A}" = Visual C++ 2008 Runtime (x64)
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin (NO23 Edition) 2.0
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E9A1960E-7756-2299-C700-DC7CA6EDD6E4}" = Catalyst Control Center InstallProxy
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3EF5DE8-1120-4B77-99A3-4DC232E8C129}" = XSplit
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"Akamai" = Akamai NetSession Interface Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ATITool" = ATITool Overclocking Utility
"Audiograbber" = Audiograbber 1.83 SE 
"Autodesk Design Review 2011" = Autodesk Design Review 2011
"Autodesk Vault 2011 (Client)" = Autodesk Vault 2011 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ESN Sonar-0.70.0" = ESN Sonar
"EXCEL" = Microsoft Office Excel 2007
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Music Zilla_is1" = Free Music Zilla
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Hamachi" = Hamachi 1.0.1.5
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"League of Legends_is1" = League of Legends
"LEd_is1" = LEd Beta 0.53
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MausII" = MausII
"McAfee Security Scan" = McAfee Security Scan Plus
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MyMDb_0" = MyMDb 3.6
"Origin" = Origin
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"softonic" = Softonic toolbar  on IE and Chrome
"StarCraft II" = StarCraft II
"Sweet Home 3D_is1" = Sweet Home 3D version 2.3
"TexMakerX_is1" = TexMakerX 2.1
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.5
"WaveLabPro" = WaveLab 6
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WORD" = Microsoft Office Word 2007
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
__________________

Alt 28.03.2012, 18:03   #4
markusg
/// Malware-holic
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



wieso wurde combofix eig mehrfach ausgeführt und wo sind die anderen berichte?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 28.03.2012, 18:13   #5
Lenn-Art
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



Mein Fehler, habe vorschnell gehandelt Laie...
Habe es Gestern einmal direkt vom USB Stick ausgeführt und danach hat alles wieder funktioniert. Heute kam der schwarze Bildschirm mit dem Text wieder und ich habe es nochmal durchlaufen lassen und danach nochmal vom Desktop umbenannt als cofi.exe. Schön blöd aber leider nicht mehr zu ändern
Finde leider die alte Log nicht mehr :

Hoffe du kannst mir trotzdem helfen


Geändert von Lenn-Art (28.03.2012 um 18:55 Uhr)

Alt 28.03.2012, 19:14   #6
markusg
/// Malware-holic
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



schau mal, die logs müssten alle auf c: oder im ordner qoobox liegen.
eig alle unter dem buchstaben c, wie combofix(nummer).txt oder log(nummer).txt

sicher will ich dir helfen, aber ich brauch auch infos die mich dazu befähigen meine arbeit vernünftig zu machen
ich würd mich auch mit der
ComboFix-quarantined-files.txt
zufrieden geben :-)
__________________
--> Windows wurde aus Sicherheitsgründen gesperrt

Alt 28.03.2012, 19:50   #7
Lenn-Art
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



Alles klar

Habe sie im qoobox ordner gefunden

Combofix 3 txt.


Code:
ATTFilter
ComboFix 12-03-27.03 - Speed-PC 28.03.2012   0:58.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.2401 [GMT 2:00]
ausgeführt von:: M:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\program files (x86)\facemoods.com
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.crx
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.png
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsApp.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsEng.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
e:\users\Speed-PC\AppData\Local\Skype\SkypePM.exe
e:\windows\Downloaded Program Files\IDropPTB.dll
F:\resycled
f:\resycled\boot.com
K:\resycled
L:\resycled
l:\resycled\boot.com
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 23:04 . 2012-03-27 23:04    --------    d-----w-    e:\users\Default\AppData\Local\temp
2012-03-26 17:16 . 2012-03-26 17:16    --------    d-----w-    e:\users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
2012-03-23 19:51 . 2012-03-14 03:27    8669240    ----a-w-    e:\programdata\Microsoft\Windows Defender\Definition Updates\{4524C219-C6CA-4476-829A-13C114D519E1}\mpengine.dll
2012-03-19 18:29 . 2012-03-19 18:29    592824    ----a-w-    e:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29    44472    ----a-w-    e:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2011-11-19 18:30    5504880    ----a-w-    e:\windows\system32\ntoskrnl.exe
2012-03-14 10:15 . 2011-11-19 14:25    3957616    ----a-w-    e:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:15 . 2011-11-19 14:25    3902320    ----a-w-    e:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:44 . 2012-02-15 06:27    1031680    ----a-w-    e:\windows\system32\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 05:44    826368    ----a-w-    e:\windows\SysWow64\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 04:47    204800    ----a-w-    e:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:44 . 2012-02-15 04:46    23552    ----a-w-    e:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-03-02 17:52    279656    ------w-    e:\windows\system32\MpSigStub.exe
2012-02-21 10:26 . 2012-02-21 10:26    86528    ----a-w-    e:\windows\SysWow64\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26    76800    ----a-w-    e:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26    74752    ----a-w-    e:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26    63488    ----a-w-    e:\windows\SysWow64\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26    48640    ----a-w-    e:\windows\SysWow64\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26    367104    ----a-w-    e:\windows\SysWow64\html.iec
2012-02-21 10:26 . 2012-02-21 10:26    1798656    ----a-w-    e:\windows\SysWow64\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26    161792    ----a-w-    e:\windows\SysWow64\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26    1127424    ----a-w-    e:\windows\SysWow64\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26    110592    ----a-w-    e:\windows\SysWow64\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26    74752    ----a-w-    e:\windows\SysWow64\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26    89088    ----a-w-    e:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26    420864    ----a-w-    e:\windows\SysWow64\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26    35840    ----a-w-    e:\windows\SysWow64\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26    2382848    ----a-w-    e:\windows\SysWow64\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26    2382848    ----a-w-    e:\windows\system32\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26    23552    ----a-w-    e:\windows\SysWow64\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26    222208    ----a-w-    e:\windows\system32\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26    173056    ----a-w-    e:\windows\system32\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26    152064    ----a-w-    e:\windows\SysWow64\wextract.exe
2012-02-21 10:26 . 2012-02-21 10:26    150528    ----a-w-    e:\windows\SysWow64\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26    142848    ----a-w-    e:\windows\SysWow64\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26    1427456    ----a-w-    e:\windows\SysWow64\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26    1390080    ----a-w-    e:\windows\system32\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26    11776    ----a-w-    e:\windows\SysWow64\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26    101888    ----a-w-    e:\windows\SysWow64\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26    91648    ----a-w-    e:\windows\system32\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26    85504    ----a-w-    e:\windows\system32\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26    76800    ----a-w-    e:\windows\system32\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26    49664    ----a-w-    e:\windows\system32\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26    48640    ----a-w-    e:\windows\system32\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26    448512    ----a-w-    e:\windows\system32\html.iec
2012-02-21 10:26 . 2012-02-21 10:26    30720    ----a-w-    e:\windows\system32\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26    2308096    ----a-w-    e:\windows\system32\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26    1493504    ----a-w-    e:\windows\system32\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26    135168    ----a-w-    e:\windows\system32\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26    12288    ----a-w-    e:\windows\system32\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26    114176    ----a-w-    e:\windows\system32\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26    111616    ----a-w-    e:\windows\system32\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26    603648    ----a-w-    e:\windows\system32\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26    165888    ----a-w-    e:\windows\system32\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26    160256    ----a-w-    e:\windows\system32\wextract.exe
2012-02-04 10:04 . 2012-02-04 10:04    67584    ----a-w-    e:\windows\system32\drivers\vrtaucbl.sys
2012-02-04 00:17 . 2012-02-04 00:17    419840    ----a-w-    e:\windows\system32\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17    413696    ----a-w-    e:\windows\SysWow64\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17    133632    ----a-w-    e:\windows\system32\OpenAL32.dll
2012-02-04 00:17 . 2012-02-04 00:17    110592    ----a-w-    e:\windows\SysWow64\OpenAL32.dll
2012-02-03 21:45 . 2011-11-15 10:37    414368    ----a-w-    e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:36 . 2012-02-03 21:36    335288    ----a-w-    e:\windows\system32\drivers\acedrv11.sys
2012-01-04 09:58 . 2012-02-16 10:13    509952    ----a-w-    e:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 10:13    442880    ----a-w-    e:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-16 10:13    515584    ----a-w-    e:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-16 10:13    478208    ----a-w-    e:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51    919408    ----a-w-    e:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29    241872    ----a-w-    e:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "e:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="e:\users\Speed-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="e:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SoundMAXPnP"="e:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"LifeCam"="e:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - e:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-08 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;e:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;e:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;e:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;e:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;e:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;e:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);e:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);e:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;e:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 e:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\programme win7\bin\win64\MATLABStartupAccelerator.exe [2011-11-02 14:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="e:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=drive
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube Download - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files (x86)\kikin\ie_kikin.dll
FF - ProfilePath - e:\users\Speed-PC\AppData\Roaming\Mozilla\Firefox\Profiles\691qcyz4.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 84cbead70000000000007a7905a871f7
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:34
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-SkypePM - e:\users\Speed-PC\AppData\Local\Skype\SkypePM.exe
AddRemove-facemoods - e:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
e:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
e:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28  01:11:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-27 23:11
.
Vor Suchlauf: 13 Verzeichnis(se), 19.952.971.776 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 22.571.253.760 Bytes frei
.
- - End Of File - - 2DDDCAFF5E3ADAA3128E3FAC89913470
         
--- --- ---



und hier ComboFix-quarantined-files

Code:
ATTFilter
2012-03-28 13:13:17 . 2012-03-28 13:13:17            1,050 ----a-w-  E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg413708.exe.lnk.vir
2012-03-28 13:13:15 . 2012-03-28 13:13:17          228,392 ----a-w-  E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Local\Temp\arg413708.exe.vir
2012-03-27 23:10:24 . 2012-03-27 23:10:24              632 ----a-w-  E:\Qoobox\Quarantine\Registry_backups\AddRemove-facemoods.reg.dat
2012-03-27 23:10:04 . 2012-03-27 23:10:04              148 ----a-w-  E:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-SkypePM.reg.dat
2012-03-27 23:07:09 . 2008-10-22 17:33:38                0 ----a-w-  E:\Qoobox\Quarantine\L\resycled\boot.com.vir
2012-03-27 23:07:09 . 2008-10-22 17:33:38                0 ----a-w-  E:\Qoobox\Quarantine\F\resycled\boot.com.vir
2012-03-27 23:02:38 . 2012-03-28 15:43:10           12,436 ----a-w-  E:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-03-27 22:56:19 . 2012-03-28 15:38:53              153 ----a-w-  E:\Qoobox\Quarantine\catchme.log
2011-11-02 12:14:57 . 2011-11-02 12:14:57            2,653 ----a-w-  E:\Qoobox\Quarantine\E\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk.vir
2011-08-28 12:04:48 . 2011-08-28 12:04:48          138,074 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe.vir
2011-05-01 09:15:10 . 2011-05-01 09:15:10           32,790 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.crx.vir
2011-04-26 17:22:12 . 2011-02-26 06:23:14           82,592 ----a-w-  E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Local\Skype\SkypePM.exe.vir
2011-04-14 10:32:46 . 2011-04-14 10:32:46          368,344 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsApp.dll.vir
2011-04-14 10:32:44 . 2011-04-14 10:32:44          220,888 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll.vir
2011-04-14 10:32:42 . 2011-04-14 10:32:42          329,432 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe.vir
2011-04-14 10:32:42 . 2011-04-14 10:32:42          265,944 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll.vir
2011-04-14 10:32:40 . 2011-04-14 10:32:40          462,552 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsEng.dll.vir
2010-10-10 14:46:56 . 2010-10-10 14:46:56            2,664 ----a-w-  E:\Qoobox\Quarantine\E\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.png.vir
2007-02-12 10:40:02 . 2007-02-12 10:40:02                0 ----a-w-  E:\Qoobox\Quarantine\E\Windows\Downloaded Program Files\IDropPTB.dll.vir
         
Ach hier noch Combofix 2 txt.

Code:
ATTFilter
ComboFix 12-03-27.03 - Speed-PC 28.03.2012  15:32:56.2.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4095.2560 [GMT 2:00]
ausgeführt von:: M:\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\users\Speed-PC\AppData\Local\Temp\arg413708.exe
e:\users\Speed-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg413708.exe.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-28  ))))))))))))))))))))))))))))))
.
.
2012-03-28 13:42 . 2012-03-28 13:42	--------	d-----w-	e:\users\Default\AppData\Local\temp
2012-03-27 23:18 . 2012-03-14 03:27	8669240	----a-w-	e:\programdata\Microsoft\Windows Defender\Definition Updates\{FAE734C0-4642-4045-BD07-D30281991C34}\mpengine.dll
2012-03-27 23:12 . 2012-03-27 23:12	--------	d-----w-	e:\users\Speed-PC\AppData\Roaming\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:54	38224	----a-w-	e:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-27 23:12 . 2012-03-27 23:12	--------	d-----w-	e:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-27 23:12 . 2012-03-27 23:12	--------	d-----w-	e:\programdata\Malwarebytes
2012-03-27 23:12 . 2009-09-10 12:53	22104	----a-w-	e:\windows\system32\drivers\mbam.sys
2012-03-26 17:16 . 2012-03-26 17:16	--------	d-----w-	e:\users\Speed-PC\AppData\Roaming\Internet Exprorer Add-on
2012-03-19 18:29 . 2012-03-19 18:29	592824	----a-w-	e:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 18:29 . 2012-03-19 18:29	44472	----a-w-	e:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:15 . 2011-11-19 18:30	5504880	----a-w-	e:\windows\system32\ntoskrnl.exe
2012-03-14 10:15 . 2011-11-19 14:25	3957616	----a-w-	e:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 10:15 . 2011-11-19 14:25	3902320	----a-w-	e:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:44 . 2012-02-15 06:27	1031680	----a-w-	e:\windows\system32\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 05:44	826368	----a-w-	e:\windows\SysWow64\rdpcore.dll
2012-03-14 09:44 . 2012-02-15 04:47	204800	----a-w-	e:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:44 . 2012-02-15 04:46	23552	----a-w-	e:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-03-02 17:52	279656	------w-	e:\windows\system32\MpSigStub.exe
2012-02-21 10:26 . 2012-02-21 10:26	86528	----a-w-	e:\windows\SysWow64\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26	76800	----a-w-	e:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26	74752	----a-w-	e:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26	63488	----a-w-	e:\windows\SysWow64\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26	48640	----a-w-	e:\windows\SysWow64\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26	367104	----a-w-	e:\windows\SysWow64\html.iec
2012-02-21 10:26 . 2012-02-21 10:26	1798656	----a-w-	e:\windows\SysWow64\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26	161792	----a-w-	e:\windows\SysWow64\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26	1127424	----a-w-	e:\windows\SysWow64\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26	110592	----a-w-	e:\windows\SysWow64\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26	74752	----a-w-	e:\windows\SysWow64\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26	89088	----a-w-	e:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 10:26 . 2012-02-21 10:26	420864	----a-w-	e:\windows\SysWow64\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26	35840	----a-w-	e:\windows\SysWow64\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26	2382848	----a-w-	e:\windows\SysWow64\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26	2382848	----a-w-	e:\windows\system32\mshtml.tlb
2012-02-21 10:26 . 2012-02-21 10:26	23552	----a-w-	e:\windows\SysWow64\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26	222208	----a-w-	e:\windows\system32\msls31.dll
2012-02-21 10:26 . 2012-02-21 10:26	173056	----a-w-	e:\windows\system32\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26	152064	----a-w-	e:\windows\SysWow64\wextract.exe
2012-02-21 10:26 . 2012-02-21 10:26	150528	----a-w-	e:\windows\SysWow64\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26	142848	----a-w-	e:\windows\SysWow64\ieUnatt.exe
2012-02-21 10:26 . 2012-02-21 10:26	1427456	----a-w-	e:\windows\SysWow64\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26	1390080	----a-w-	e:\windows\system32\wininet.dll
2012-02-21 10:26 . 2012-02-21 10:26	11776	----a-w-	e:\windows\SysWow64\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26	101888	----a-w-	e:\windows\SysWow64\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26	91648	----a-w-	e:\windows\system32\SetIEInstalledDate.exe
2012-02-21 10:26 . 2012-02-21 10:26	85504	----a-w-	e:\windows\system32\iesetup.dll
2012-02-21 10:26 . 2012-02-21 10:26	76800	----a-w-	e:\windows\system32\tdc.ocx
2012-02-21 10:26 . 2012-02-21 10:26	49664	----a-w-	e:\windows\system32\imgutil.dll
2012-02-21 10:26 . 2012-02-21 10:26	48640	----a-w-	e:\windows\system32\mshtmler.dll
2012-02-21 10:26 . 2012-02-21 10:26	448512	----a-w-	e:\windows\system32\html.iec
2012-02-21 10:26 . 2012-02-21 10:26	30720	----a-w-	e:\windows\system32\licmgr10.dll
2012-02-21 10:26 . 2012-02-21 10:26	2308096	----a-w-	e:\windows\system32\jscript9.dll
2012-02-21 10:26 . 2012-02-21 10:26	1493504	----a-w-	e:\windows\system32\inetcpl.cpl
2012-02-21 10:26 . 2012-02-21 10:26	135168	----a-w-	e:\windows\system32\IEAdvpack.dll
2012-02-21 10:26 . 2012-02-21 10:26	12288	----a-w-	e:\windows\system32\mshta.exe
2012-02-21 10:26 . 2012-02-21 10:26	114176	----a-w-	e:\windows\system32\admparse.dll
2012-02-21 10:26 . 2012-02-21 10:26	111616	----a-w-	e:\windows\system32\iesysprep.dll
2012-02-21 10:26 . 2012-02-21 10:26	603648	----a-w-	e:\windows\system32\vbscript.dll
2012-02-21 10:26 . 2012-02-21 10:26	165888	----a-w-	e:\windows\system32\iexpress.exe
2012-02-21 10:26 . 2012-02-21 10:26	160256	----a-w-	e:\windows\system32\wextract.exe
2012-02-04 10:04 . 2012-02-04 10:04	67584	----a-w-	e:\windows\system32\drivers\vrtaucbl.sys
2012-02-04 00:17 . 2012-02-04 00:17	419840	----a-w-	e:\windows\system32\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17	413696	----a-w-	e:\windows\SysWow64\wrap_oal.dll
2012-02-04 00:17 . 2012-02-04 00:17	133632	----a-w-	e:\windows\system32\OpenAL32.dll
2012-02-04 00:17 . 2012-02-04 00:17	110592	----a-w-	e:\windows\SysWow64\OpenAL32.dll
2012-02-03 21:45 . 2011-11-15 10:37	414368	----a-w-	e:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 21:36 . 2012-02-03 21:36	335288	----a-w-	e:\windows\system32\drivers\acedrv11.sys
2012-01-04 09:58 . 2012-02-16 10:13	509952	----a-w-	e:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 10:13	442880	----a-w-	e:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-16 10:13	515584	----a-w-	e:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-16 10:13	478208	----a-w-	e:\windows\SysWow64\timedate.cpl
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-27_23.07.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 21:47 . 2012-03-28 13:30	48680              e:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-28 13:31	32524              e:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-03 09:29 . 2012-03-28 13:31	14750              e:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3023865418-1405554827-2073565710-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-03-28 13:27	93624              e:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-28 13:44 . 2012-03-28 13:44	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 23:06 . 2012-03-27 23:06	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 23:06 . 2012-03-27 23:06	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-28 13:44 . 2012-03-28 13:44	2048              e:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-27 22:57	616032              e:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-28 13:35	616032              e:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-03-27 22:57	654150              e:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-03-28 13:35	654150              e:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-03-28 13:35	106412              e:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-27 22:57	106412              e:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-03-28 13:35	130022              e:\windows\system32\perfc007.dat
- 2009-07-14 17:58 . 2012-03-27 22:57	130022              e:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-03-27 23:05	325052              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-28 13:42	325052              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-11 23:38 . 2012-03-28 13:42	2351488              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-11 23:38 . 2012-03-27 23:05	2351488              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 02:34 . 2012-03-27 23:29	10485760              e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-03-26 17:16	10485760              e:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-12 01:11 . 2012-03-28 13:42	16746824              e:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3023865418-1405554827-2073565710-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-11-23 19:51	919408	----a-w-	e:\program files (x86)\kikin\ie_kikin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29	241872	----a-w-	e:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "e:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="e:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="e:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Akamai NetSession Interface"="e:\users\Speed-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="e:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="e:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
"SoundMAXPnP"="e:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"LifeCam"="e:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
.
e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - e:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;e:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);e:\windows\system32\DRIVERS\vrtaucbl.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;e:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-08 1436424]
R3 McComponentHostService;McAfee Security Scan Component Host Service;e:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;e:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;e:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 sptd;sptd;e:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;e:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;e:\windows\system32\drivers\acedrv11.sys [x]
S2 Akamai;Akamai NetSession Interface;e:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;e:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 mitsijm2011;Autodesk Moldflow Inventor Tool Suite Integration 2011 - Job-Manager;e:\program files\Autodesk\Inventor 2011\Moldflow\bin\mitsijm.exe [2010-01-23 673792]
S3 amdkmdag;amdkmdag;e:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;e:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);e:\windows\system32\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);e:\windows\system32\Drivers\HPub4DE3.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;e:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-28 e:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- d:\programme win7\bin\win64\MATLABStartupAccelerator.exe [2011-11-02 14:34]
.
.
--------- x86-64 -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = e:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=drive
mLocal Page = e:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Free YouTube Download - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - e:\users\Speed-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - e:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - e:\program files (x86)\kikin\ie_kikin.dll
FF - ProfilePath - e:\users\Speed-PC\AppData\Roaming\Mozilla\Firefox\Profiles\691qcyz4.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 84cbead70000000000007a7905a871f7
FF - user.js: extensions.softonic_i.instlDay - 15373
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.522:34
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="e:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="e:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
e:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
e:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-28  15:53:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-28 13:53
ComboFix2.txt  2012-03-27 23:11
.
Vor Suchlauf: 18 Verzeichnis(se), 21.637.435.392 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 21.302.534.144 Bytes frei
.
- - End Of File - - 94E83DCAEAA8582311482351FCC464D3
         

Alt 29.03.2012, 12:06   #8
markusg
/// Malware-holic
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



hattest du zum zeitpunkt des scans usb laufwerke angeschlossen?
f:
l:
und k:
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 29.03.2012, 12:58   #9
Lenn-Art
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



Hey,

nur bei K: ist ein usb stick angeschlossen.

f: und i: sind Partitionen.

Oh ich sehe grade das mein Antivir sich seit heute wieder updaten kann bzw. gemacht hat.
Nur bei Malwarbytes geht es weiterhin nicht.

Alt 29.03.2012, 15:47   #10
markusg
/// Malware-holic
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



deaktiviere mal die autorun funktion:
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de


deinstaliere Malwarebytes mal, starte neu, instaliere es neu (frisch runterladen)
schaue obs update jetzt geht.
schließe alle externen speichermedien, wie festplatten, sticks etc an, und mache mit malwarebytes, egal ob update möglich war, nen vollständigen scan, poste das log
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 29.03.2012, 22:16   #11
Lenn-Art
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



Update hat geklappt

Hier der Log

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Speed-PC :: SPEED [Administrator]

Schutz: Aktiviert

29.03.2012 17:53:54
mbam-log-2012-03-29 (17-53-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1163052
Laufzeit: 4 Stunde(n), 28 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Program Files (x86)\PlayMP3z\PlayMP3.exe (Adware.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\Qoobox\Quarantine\E\Users\Speed-PC\AppData\Local\Temp\arg413708.exe.vir (Trojan.Zbot.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Daten\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Daten\NERO 7.0\Ahead.Nero.v7.0.Ultra.Edition.Incl.Keymaker-EMBRACE_www.9down.com\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
K:\externe fest platte\Video Codecs\DivX 5.02 Pro\DivXPro50XKeymaker.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
L:\spiele\Gothik 3\Gothic3.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

Alt 30.03.2012, 11:37   #12
markusg
/// Malware-holic
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



F:\Daten\Nero 8 Keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Daten\NERO 7.0\Ahead.Nero.v7.0.Ultra.Edition.Incl.Keymaker-EMBRACE_www.9down.com\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne
gestellt.
K:\externe fest platte\Video Codecs\DivX 5.02 Pro\DivXPro50XKeymaker.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
wer keygens nutzt, muss sich über malware nicht wundern,
da deren verwendung illegal ist, ist der suport beendet.
hilfe gibts beim formatieren, daten sichern, pc neu aufsetzen. und absichern.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 30.03.2012, 12:15   #13
Lenn-Art
 
Windows wurde aus Sicherheitsgründen gesperrt - Standard

Windows wurde aus Sicherheitsgründen gesperrt



Entschuldigung habe da nicht mehr dran gedacht und wollte dich/euch damit nicht in verlegenheit bringen.

Ich bedanke mich trotzdem vielmals!!


Antivir läuft wieder, Malwarebytes auch

Antwort

Themen zu Windows wurde aus Sicherheitsgründen gesperrt
akamai, antivir, avgnt, avira, bildschirm, browser, combofix, converter, desktop, error, firefox, geld, helper, internet, internet explorer, mozilla, mp3, problem, scan, schwarze bildschirm, security, security scan, softonic, svchost.exe, system, updates, virus/trojaner, vista, win64, windows



Ähnliche Themen: Windows wurde aus Sicherheitsgründen gesperrt


  1. Ihr Windows wurde aus Sicherheitsgründen gesperrt
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (3)
  2. Ih Windows Explorer wurde aus Sicherheitsgründen gesperrt BEZAHLE
    Log-Analyse und Auswertung - 17.03.2012 (1)
  3. Windows wurde aus Sicherheitsgründen gesperrt
    Log-Analyse und Auswertung - 15.03.2012 (24)
  4. Achtung!Ihr Windows system wurde aus Sicherheitsgründen gesperrt
    Plagegeister aller Art und deren Bekämpfung - 01.03.2012 (8)
  5. Achtung ! Aus Sicherheitsgründen wurde ihr Windows-System gesperrt
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (19)
  6. Achtung! Windows wurde aus Sicherheitsgründen gesperrt...
    Plagegeister aller Art und deren Bekämpfung - 12.02.2012 (8)
  7. Windows wurde aus Sicherheitsgründen gesperrt - Virus
    Plagegeister aller Art und deren Bekämpfung - 11.02.2012 (8)
  8. Wiedermal! Windows wurde aus Sicherheitsgründen gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (15)
  9. Aus Sicherheitsgründen wurde Ihr PC gesperrt - Windows Secuirity Center
    Log-Analyse und Auswertung - 02.02.2012 (1)
  10. Windows wurde aus Sicherheitsgründen gesperrt.....
    Plagegeister aller Art und deren Bekämpfung - 27.01.2012 (27)
  11. Aus sicherheitsgründen wurde ihr Windows-System gesperrt!!! :S
    Plagegeister aller Art und deren Bekämpfung - 18.01.2012 (1)
  12. Achtung! Aus Sicherheitsgründen wurde ihr Windows-Programm gesperrt
    Log-Analyse und Auswertung - 17.01.2012 (1)
  13. Windows wurde aus sicherheitsgründen gesperrt. Trojaer -.-
    Log-Analyse und Auswertung - 12.01.2012 (16)
  14. Windows 7 wurde aus Sicherheitsgründen gesperrt
    Plagegeister aller Art und deren Bekämpfung - 02.01.2012 (23)
  15. Windows (7) wurde aus Sicherheitsgründen gesperrt..... 50€ etc.
    Log-Analyse und Auswertung - 29.12.2011 (2)
  16. Windows wurde aus Sicherheitsgründen blockiert und gesperrt !
    Plagegeister aller Art und deren Bekämpfung - 22.12.2011 (24)
  17. Windows wurde aus Sicherheitsgründen gesperrt
    Log-Analyse und Auswertung - 22.12.2011 (3)

Zum Thema Windows wurde aus Sicherheitsgründen gesperrt - Hallo, ich habe auch das Problem das ich den Virus/Trojaner habe, durch den der schwarze Bildschirm erscheint mit der Aufforderung Geld zu zahlen. Ich habe Combofix schon durchlaufen lassen und - Windows wurde aus Sicherheitsgründen gesperrt...
Archiv
Du betrachtest: Windows wurde aus Sicherheitsgründen gesperrt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.