Zurck   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder stndig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu knnen, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswrdig ist und bis zur vollstndigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 29.03.2012, 16:54   #1
8flow9
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



hallo liebe admins, als ich heute am laptop sa, kam pltzlich eine meldung: "Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden". Ich hab mir sofort gedacht, dass das eine fake ist, ich hab den laptop ausgemacht und neugestartet. Dann lief er wieder normal, ich hab sofort mal zur Kontrolle den antivir durchjagen lassen und er endeckte ein ''BOO.Tdss'', bevor er noch fertig werden konnte mit dem dursuchen der Viren, kam die Meldung wieder von wegen ''Achtung...''. Kurzerhand hab ich ihn wieder ausgemacht und bin im Internet auf euch gekommen. Ich hoffe ihr knnt mir helfen.

OTL fr Benutzdefinierten scans/fixes

PHP-Code:
All processes killed
========== OTL ==========
ErrorNo service named Partner Service was found to stop!
Service\Driver key Partner Service not found.
File C:\ProgramData\Partner\Partner.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:/value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
File C:\ProgramData\Partner\Partner64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
File C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}\ not found.
File C:\ProgramData\Partner\Partner.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
File C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4Fnot found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:/value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f67a88-f988-11e0-9da5-14dae9cab928}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f67a88-f988-11e0-9da5-14dae9cab928}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3f67a88-f988-11e0-9da5-14dae9cab928}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3f67a88-f988-11e0-9da5-14dae9cab928}\ not found.
File G:\autorun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
Unable to delete ADS C:\ProgramData\Temp:5D458568 .
Unable to delete ADS C:\ProgramData\Temp:3E7393FC .
========== 
FILES ==========
File\Folder C:\ProgramData\Partner\Partner.exe not found.
[
color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows-IP-Konfiguration
Der DNS
-Auflsungscache wurde geleert.
C:\Users\*\Desktop\cmd.bat deleted successfully.
C:\Users\*\Desktop\cmd.txt deleted successfully.
========== 
COMMANDS ==========
 
[
EMPTYTEMP]
 
UserAll Users
 
User
: *
->
Temp folder emptied2250405215 bytes
->Temporary Internet Files folder emptied341578217 bytes
->Java cache emptied2547145 bytes
->FireFox cache emptied57587991 bytes
->Google Chrome cache emptied8375115 bytes
->Flash cache emptied84401 bytes
 
User
: Default
->
Temp folder emptied0 bytes
->Temporary Internet Files folder emptied64068 bytes
 
User
: Default User
->Temp folder emptied0 bytes
->Temporary Internet Files folder emptied0 bytes
 
User
Gast
->Temp folder emptied51002 bytes
->Temporary Internet Files folder emptied113798 bytes
->FireFox cache emptied0 bytes
 
User
: Public
 
%
systemdrive% .tmp files removed0 bytes
%systemroot% .tmp files removed1533399 bytes
%systemroot%\System32 .tmp files removed0 bytes
%systemroot%\System32 (64bit) .tmp files removed0 bytes
%systemroot%\System32\drivers .tmp files removed0 bytes
Windows Temp folder emptied
174743304 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied50434 bytes
RecycleBin emptied
0 bytes
 
Total Files Cleaned 
2.706,00 mb
 
 
OTL by OldTimer 
Version 3.2.39.2 log created on 03292012_163643

Files
\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WTOTUHLF\search_de_bookmarky_com[2].htm not found!

Registry entries deleted on Reboot... 

Gendert von 8flow9 (29.03.2012 um 17:07 Uhr)

Alt 29.03.2012, 17:44   #2
markusg
/// Malware-holic
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



wieso hast du irgendein script ausgefhrt, welches fr deinen pc total nutzlos ist?
poste otl logs, aber nicht in php code, danke.
starte in den abgesicherten modus, ber f8, whle dort das betroffene nutzerkonto, stelle die internet verbindung her
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 29.03.2012, 19:28   #3
8flow9
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



wo finde ich den Extra.txt? ich hab nachdem quickscan nur einen OTL.txt bekommen:

Code:
ATTFilter
OTL logfile created on: 29.03.2012 18:48:22 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\*\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 68,77% Memory free
7,73 Gb Paging File | 6,54 Gb Available in Paging File | 84,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464,59 Gb Total Space | 375,41 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
 
Computer Name: *-THINK | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.29 16:16:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.18 07:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.10.09 13:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.05 17:00:52 | 000,393,648 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011.06.13 20:36:48 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.24 20:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.08.20 15:21:08 | 001,028,096 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2010.07.15 07:23:58 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Stopped] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2010.05.02 22:39:42 | 005,029,888 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcam 7\wService.exe -- (w7Svc)
SRV - [2010.04.20 14:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.04.20 14:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.04.07 07:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.04.07 07:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 05:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 14:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.03.05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.03.05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.03.05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.04 06:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.11.04 06:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.29 18:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.15 16:30:03 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.14 18:45:42 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.24 20:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.07.15 07:23:48 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.04.23 02:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.17 23:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010.03.17 12:30:36 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.02.08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.15 06:23:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 06:23:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 06:23:00 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.13 16:26:02 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.13 15:10:58 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.18 07:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.09 13:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009.10.09 13:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009.09.29 18:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 04:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 07:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.10.08 07:15:12 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2008.05.12 11:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2010.11.12 03:34:44 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{411667F3-1EEA-4F58-9850-2525C651412A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{4F5F9991-82CD-4957-9A29-EC000941F408}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\*\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.29 00:20:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 17:36:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.09 10:51:30 | 000,000,000 | ---D | M]
 
[2012.01.21 20:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2012.02.04 13:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\x6at69xk.default\extensions
[2012.03.17 17:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X6AT69XK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.17 17:36:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.09 10:51:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 08:36:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 08:36:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 08:36:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 08:36:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 08:36:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 08:36:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: uTorrentBar_DE = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.0.15_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SkypePM] C:\Users\*\AppData\Local\Skype\SkypePM.exe File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gert senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gert senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gert senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gert senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gert... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CA8377-784B-4C97-BFDC-BEAD7B493294}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7996FEB7-7A31-4290-8873-528C4A4C4FB0}: DhcpNameServer = 134.130.4.1 134.130.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{907D433A-C1FC-4B06-BF0A-73E3FC86F1DF}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7c619b94-193a-11e0-86f3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7c619b94-193a-11e0-86f3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.29 17:12:55 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup317.exe
[2012.03.29 16:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.29 16:56:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.29 16:36:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.29 16:15:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.03.20 18:36:08 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Lan
[2012.03.20 17:03:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\OpenArena
[2012.03.20 17:03:50 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\teamspeak2
[2012.03.20 17:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamspeak2 RC2
[2012.03.20 17:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak2_RC2
[2012.03.09 10:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.09 10:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.04 19:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.03.04 19:48:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.03.02 17:09:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.02.29 16:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2012.02.29 15:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[1 C:\Users\*\Documents\*.tmp files -> C:\Users\*\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.29 18:46:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.29 18:46:18 | 3111,542,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.29 18:36:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.03.29 18:36:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.03.29 17:13:23 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Users\*\Desktop\ccsetup317.exe
[2012.03.29 17:10:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1773504094-2451365700-452311711-1000UA.job
[2012.03.29 17:10:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1773504094-2451365700-452311711-1000Core.job
[2012.03.29 16:56:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.29 16:47:47 | 000,015,568 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 16:47:47 | 000,015,568 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.29 16:24:25 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.29 16:24:25 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.29 16:24:25 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.29 16:24:25 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.29 16:24:25 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.29 16:16:24 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2012.03.27 22:16:55 | 011,505,380 | ---- | M] () -- C:\Users\*\Documents\Xperia_Mini_Pro_handbuch.pdf
[2012.03.14 15:51:25 | 000,319,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.01 09:19:42 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Users\*\Documents\*.tmp files -> C:\Users\*\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.29 16:56:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.27 22:16:55 | 011,505,380 | ---- | C] () -- C:\Users\*\Documents\Xperia_Mini_Pro_handbuch.pdf
[2012.02.28 18:32:23 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.05 23:56:43 | 000,000,240 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.05 23:56:42 | 000,000,320 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.05 23:56:33 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.01.06 04:10:27 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.06 03:56:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2012.03.29 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox
[2011.12.11 22:40:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoft
[2011.07.20 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.25 18:25:11 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Guitar Pro 6
[2011.03.30 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\InterVideo
[2012.03.20 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenArena
[2011.02.13 23:17:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2012.03.16 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SoftGrid Client
[2011.11.18 12:04:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2011.08.28 11:55:13 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Temp
[2011.04.11 16:56:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\The Creative Assembly
[2012.02.28 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TP
[2011.10.05 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ulead Systems
[2011.02.27 10:05:40 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Update
[2011.11.20 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\uTorrent
[2011.09.04 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zoner
[2012.03.29 17:10:01 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1773504094-2451365700-452311711-1000Core.job
[2012.03.29 17:10:02 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1773504094-2451365700-452311711-1000UA.job
[2012.03.29 18:36:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.03.26 19:39:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.29 18:36:00 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.01.21 23:17:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.24 19:28:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.25 22:04:56 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.04 22:22:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.06 04:05:50 | 000,000,000 | ---D | M] -- C:\Intel
[2011.01.06 12:24:41 | 000,000,000 | ---D | M] -- C:\mfg
[2012.03.02 17:09:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.28 18:32:14 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.29 16:56:47 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.14 16:05:32 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.02.04 22:22:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.27 20:52:44 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2011.05.01 14:14:05 | 000,000,000 | ---D | M] -- C:\swshare
[2011.02.04 22:39:34 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2012.03.29 16:33:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.03.14 15:43:24 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.29 16:38:33 | 000,000,000 | ---D | M] -- C:\Windows
[2012.03.29 16:36:43 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.01.06 12:43:32 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.01.06 12:42:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.01.06 12:43:32 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.01.06 12:42:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.01.06 12:43:32 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.01.06 12:42:05 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.01.06 12:43:32 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.01.06 12:42:05 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\SWTOOLS\DRIVERS\IMSM\iaStor.sys
[2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.01.15 22:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.01.06 12:43:32 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.01.06 12:43:32 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.29 18:45:31 | 003,932,160 | -HS- | M] () -- C:\Users\*\NTUSER.DAT
[2012.03.29 18:45:31 | 000,262,144 | -HS- | M] () -- C:\Users\*\ntuser.dat.LOG1
[2011.02.04 22:22:20 | 000,000,000 | -HS- | M] () -- C:\Users\*\ntuser.dat.LOG2
[2011.02.04 19:02:12 | 000,065,536 | -HS- | M] () -- C:\Users\*\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.02.04 19:02:12 | 000,524,288 | -HS- | M] () -- C:\Users\*\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.02.04 19:02:12 | 000,524,288 | -HS- | M] () -- C:\Users\*\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.02.04 22:22:20 | 000,000,020 | -HS- | M] () -- C:\Users\*\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
__________________

Alt 29.03.2012, 21:07   #4
markusg
/// Malware-holic
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



Combofix darf ausschlielich ausgefhrt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgefhrt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese knnen Combofix bei der Arbeit stren.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nchsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlssel einem ungltigen Vorgang zu unterziehen, der zum Lschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdchtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns untersttzen mchtet

Alt 29.03.2012, 22:46   #5
8flow9
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



logfile vom Combofix:

Code:
ATTFilter
ComboFix 12-03-29.02 - * 29.03.2012  21:39:53.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3957.2756 [GMT 2:00]
ausgefhrt von:: c:\users\*\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Lschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\*\AppData\Local\Skype\SkypePM.exe
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Data Restore.lnk
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Restore\Uninstall Data Restore.lnk
c:\users\*\Documents\CyberLink.5.0.1306.18441__YUC120105-01.tmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-28 bis 2012-03-29  ))))))))))))))))))))))))))))))
.
.
2012-03-29 20:22 . 2012-03-29 20:22	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2012-03-29 20:22 . 2012-03-29 20:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-29 14:56 . 2012-03-29 14:56	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 14:36 . 2012-03-29 14:36	--------	d-----w-	C:\_OTL
2012-03-27 07:04 . 2012-03-14 03:27	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA0DAC1-1FCB-40BD-B7FA-230243622CD9}\mpengine.dll
2012-03-20 15:03 . 2012-03-20 15:04	--------	d-----w-	c:\users\*\AppData\Roaming\OpenArena
2012-03-20 15:03 . 2012-03-20 15:03	--------	d-----w-	c:\users\*\AppData\Roaming\teamspeak2
2012-03-20 15:03 . 2012-03-20 15:03	--------	d-----w-	c:\program files (x86)\Teamspeak2_RC2
2012-03-17 15:36 . 2012-03-17 15:36	592824	----a-w-	c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 15:36 . 2012-03-17 15:36	44472	----a-w-	c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 11:19 . 2011-11-19 15:20	5559152	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 11:19 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 11:19 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:33 . 2012-02-03 04:34	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 09:33 . 2012-02-10 06:36	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 09:33 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-03-14 09:32 . 2012-01-25 06:38	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 09:32 . 2012-01-25 06:38	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:32 . 2012-01-25 06:33	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:32 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 09:32 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:32 . 2012-02-17 04:58	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:32 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-09 08:51 . 2012-03-09 08:51	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-03-09 08:51 . 2012-03-09 08:51	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-03-09 08:51 . 2012-03-09 08:51	--------	d-----w-	c:\program files (x86)\Java
2012-03-04 17:48 . 2012-03-04 17:49	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-03-02 15:09 . 2012-03-02 15:09	--------	d-----r-	C:\MSOCache
2012-02-29 13:33 . 2012-02-29 14:34	--------	d-----w-	c:\programdata\VirtualizedApplications
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 08:51 . 2011-02-13 12:40	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-03-01 12:22 . 2011-10-09 21:01	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2011-02-11 15:59	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 14:30 . 2011-10-18 10:28	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-14 16:45 . 2012-01-14 16:45	54824	----a-w-	c:\windows\system32\drivers\btusbflt.sys
2012-01-04 10:44 . 2012-02-15 13:39	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 13:39	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48	354176	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrge & legitime Standardeintrge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-01-17 175912]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2011-01-17 14:54	175912	----a-w-	c:\program files (x86)\Winload\prxtbWinl.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
2011-05-09 09:49	176936	----a-w-	c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-02-01 13:58	1499440	----a-w-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-02-01 1499440]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files (x86)\Winload\prxtbWinl.dll" [2011-01-17 175912]
"{c840e246-6b95-475e-9bd7-caa1c7eca9f2}"= "c:\program files (x86)\uTorrentBar_DE\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-23 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2011-03-13 114992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-11-11 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
"Kodak Printer Installer C4USelfUpdater"="c:\programdata\Kodak\Temp\C4USelfUpdater.exe" [2011-12-20 41392]
.
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\*\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-07-15 199272]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-11-12 25072]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392]
R3 w7Svc;webcam 7 Service;c:\program files (x86)\webcam 7\wService.exe [2010-05-02 5029888]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber fr Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1773504094-2451365700-452311711-1000Core.job
- c:\users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 15:05]
.
2012-03-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1773504094-2451365700-452311711-1000UA.job
- c:\users\*\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-23 15:05]
.
2012-03-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-01-27 22:29]
.
2012-03-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2011-01-27 22:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-04-20 62312]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zustzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = 
IE: Bild an &Bluetooth-Gert senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\*\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gert senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{15CA8377-784B-4C97-BFDC-BEAD7B493294}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\x6at69xk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig?hl=de
.
- - - - Entfernte verwaiste Registrierungseintrge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-SkypePM - c:\users\*\AppData\Local\Skype\SkypePM.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\w7Svc]
"ImagePath"="c:\program files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-29  22:43:33
ComboFix-quarantined-files.txt  2012-03-29 20:43
.
Vor Suchlauf: 12 Verzeichnis(se), 402.907.639.808 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 402.532.036.608 Bytes frei
.
- - End Of File - - 1DB416531964B9092D228DB1EBF6C639
         


Alt 30.03.2012, 10:31   #6
markusg
/// Malware-holic
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



ffne bitte malwarebytes, logdateien, poste alle berichte
__________________
--> Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden

Alt 30.03.2012, 10:53   #7
8flow9
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



Code:
ATTFilter
2012/01/22 11:37:30 +0100	*-THINK	*	MESSAGE	Starting protection
2012/01/22 11:37:32 +0100	*-THINK	*	MESSAGE	Protection started successfully
2012/01/22 11:37:35 +0100	*-THINK	*	MESSAGE	Starting IP protection
2012/01/22 11:37:36 +0100	*-THINK	*	MESSAGE	IP Protection started successfully
2012/01/22 11:38:14 +0100	*-THINK	*	MESSAGE	Executing scheduled update:  Daily
2012/01/22 11:38:15 +0100	*-THINK	*	MESSAGE	Database already up-to-date
2012/01/22 11:49:09 +0100	*-THINK	*	IP-BLOCK	212.117.167.133 (Type: outgoing, Port: 51284, Process: firefox1.exe)
2012/01/22 11:49:09 +0100	*-THINK	*	IP-BLOCK	212.117.167.133 (Type: outgoing, Port: 51287, Process: firefox1.exe)
2012/01/22 11:49:41 +0100	*-THINK	*	IP-BLOCK	31.214.172.22 (Type: outgoing, Port: 51384, Process: firefox1.exe)
2012/01/22 11:49:41 +0100	*-THINK	*	IP-BLOCK	212.117.167.133 (Type: outgoing, Port: 51389, Process: firefox1.exe)
2012/01/22 11:49:41 +0100	*-THINK	*	IP-BLOCK	31.214.172.22 (Type: outgoing, Port: 51392, Process: firefox1.exe)
2012/01/22 12:43:29 +0100	*-THINK	*	IP-BLOCK	193.107.16.78 (Type: outgoing, Port: 53880, Process: firefox1.exe)
2012/01/22 13:00:51 +0100	*-THINK	*	IP-BLOCK	206.161.121.2 (Type: outgoing, Port: 54824, Process: iexplore.exe)
2012/01/22 13:00:59 +0100	*-THINK	*	IP-BLOCK	67.29.139.199 (Type: outgoing, Port: 54864, Process: iexplore.exe)
         
Code:
ATTFilter
PK    CE~@^2'   '      mimetypeapplication/vnd.oasis.opendocument.textPK    CE~@               Configurations2/statusbar/PK   CE~@           '   Configurations2/accelerator/current.xml PK    CE~@               Configurations2/floater/PK    CE~@               Configurations2/popupmenu/PK    CE~@               Configurations2/progressbar/PK    CE~@               Configurations2/toolpanel/PK    CE~@               Configurations2/menubar/PK    CE~@               Configurations2/toolbar/PK    CE~@               Configurations2/images/Bitmaps/PK  CE~@               content.xmlWm&_a_*[&VfOj?XT.8 vluUl3<03іiÕǓ8*r=</Wy)K3EIP%-#`Ky\i*bI%)I-MUdJ
cb0݃lvv(aOye3Md*vJ
^3/v˿2ŸQ=)Ɠ;g[i++-<*	<Mp-%CsخK*bɋzpEl=׆w
O,rb7=9y0ZP[{*y9x+ZW!lPt<q]_ך[;pzN*mUq)h`@$lʴ-|C0݂M֫ݰup¥D#]zW֬Tڶɇ7Lִmcѿl],wf>ldYNz.g%-+n%DBH
APeaZ<0;g,ٯ H	;M|0_L{hd#,VY>Y>Ahn9gIN(K2FY܇vԊ0vK"DLN)731 oI̻3`4gzw0щJMLB`*cZ@Jn)XC+^*yf,1}/yŵ jM͍N{񽱬:Z/ޜvzku@ZAN*\iR*۷w]aTpgoF^qS
OTeN)zt~*s&eO͢o7+)\}V|kN˲Wbh7)kR4Cos~ x~D#~F	zzD!8h؉t	>*_;BɑDk\H'U ?,<Va(#|Ra_PK҅
  -  PK   CE~@O        manifest.rdfAN0E=i
tA5I#OqH{{L
		ޟq?={:t%OŎ3֝kK>&jSQ#iG*J~
aT <9[H<)H>'0V8JS]oWTj4$PSG	-LGM0*f{#S(9-PVT4`]z_=K{YX'Mڇ[.Dg_?z$,-ҾU-`jPK  CE~@            
   styles.xmlZMWZ$7Z{gL; ;9*%bV)Dɔ[3ݝЀYbիx*őpAY*X2f	-_?=KSm DBs"й[#5/*%.x*RN[W{2-Z-It}~ZptS{v>Ŭ#/N9-6Y6wKalB-;JD
&hV O.u'|64X⋨a6#	h%{},<@}/接tPŜViU$vwZ݇淣\Uo8;Uq8+|*^"GESդ'-?TΑt~t]zeȧKI*'Wܹ!ՀHI*\j`MVz*Jy/RvEc2}BU!K5O%>22()	JHMzv[>(X@Zg+	P3ib.}+&<R4YjN	W&
;:*ERNK/*1{JO$yΡϿ׺8Kl5xk¯#Tj!>=h/$~/Ɯ	ONd7#&/m3:opfiLH~Z*KƁmC&l+2}A$:.?=H(a`CEp91N8W맫GF|
+\-,9̣2Cf,y턻k\xH#\K Є0*־b	qi%j*\SjLZu90=4ɴ۝b6 BYx"e#AѺ-׿
f!X_qi{شkf%*%+Ҟ4aftl9!̜<0`UFJ@9N`eBڗ]P2lA;grX`b%<,YPB!J5q>! >;N&֗KD&g{=v!6njDXfiPjT^@}vON\V=FPu9KF5esR!Df*r깁e2$<	&S/B{}\Is]!+DW4^gsE*@V%~*Ⱦ}ϤTNX=u+륳K'|U{Q"/75
Y|y'>졾V9>;Yz=,3+͕ə1G\rA W93h*[?-˻<\M'jTas̾z:4oyt#3O_]+XON%$7wj.\W@NFy2iryK6JՕw4o.P;IƯ|K
9]Fsr$ynȦ`nPDxtPŶ:+b#DW===!-
uc
A֐Ϧ.p(v|Uي	@x W&'8{'
)<g")*zEڕ7GƐ^?N 	F87`~XOKF@#pcH?>>M KFH#^/WwЕ7GƐ^?CW2BC_K̏){h#xsMA}\CW2
^P_2IC˔j 1~B36/GD]hFQ8#QKʞHwL~*yHo;*/7̇NkGAŶ2Bs-_=VObd gˈEK/pl[E-	 #|,'g J8_R/82_Ltw)F:449z17C>usQWG* 5gX	>J'ZEJO'*460r~2a%N;`ƦLKC=.

,:hmtaCPK#]s#  v-  PK    CE~@Oiv       meta.xml<?xml version="1.0" encoding="UTF-8"?>
<office:document-meta xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" xmlns:xlink="hxxp://www.w3.org/1999/xlink" xmlns:dc="hxxp://purl.org/dc/elements/1.1/" xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0" xmlns:ooo="hxxp://openoffice.org/2004/office" xmlns:grddl="hxxp://www.w3.org/2003/g/data-view#" office:version="1.2" grddl:transformation="hxxp://docs.oasis-open.org/office/1.2/xslt/odf2rdf.xsl"><office:meta><meta:document-statistic meta:table-count="0" meta:image-count="0" meta:object-count="0" meta:page-count="1" meta:paragraph-count="1" meta:word-count="8" meta:character-count="142"/><meta:generator>OpenOffice.org/3.3$Win32 OpenOffice.org_project/330m20$Build-9567</meta:generator></office:meta></office:document-meta>PK  CE~@               Thumbnails/thumbnail.png3 o<3z՜yHg'i>UV3ݐzHDn۴+ZaDrn,)rt+|SOAҐʄ[V  Q7 &g$i
 "o; 
͝aVOKMJM"OaqnW^,5y`RܷTgJ:%=*۾S3GޘoUXID6-BGc	bz~`IqKW~A(^T+vYDe/z[p'ؚ.b8q<Ilqj	Cт9oQվDS8#bFLg,eiillBiwS|RØ<l-r/ٴt:x޲f-E;"oEac3}rBF~e*lY$^5
Fqwj
`p*}B>,\, Zh87&tFʗ QDwaqE8X]:*~B-/2b?ۨf*JFkGnu}hING͛^$E!ڐ41#;a_2F;dHrwUյ۾*XY!v;* >`eϓr*NׇO@Mzoνǹ6 U߽SdG0ׯNF_q}r[[!*)a7ff̥m鬕|mBG(?z:A
ORwqBIAU%Q=~bK:L̾SIr9yjwTjq&yv_
khכXbUmxPb\{yIOzW
{e
ʊf6Pʆe}IAY?DpR= uDeVذ{a
iNIGUYXW<sEkzOJc !
ʹ}0T̥"s۱Si:

VWFNd8\0*褜ACS2?N qQ=WҿPK>89E  b  PK  CE~@               settings.xmlZQs8~_;^g˴첥7X)ONB4%K'}RzyWP5d!;yܩ|>71H"Zhԍ(@nHn*1ͶՍTYd%\yscF\.ϗfM5}Y*١U!"!;LVf{g!߹kn1y+~*@d}s?GHek޾}A}lyc1xmuWR{05ľɽT.'|	q9s&g*L05J8]R!I2_X\2\ZnuTmE״q|qMM*\֎DaJ=5S"tX]Bc0*Bޑ"FcfsTP*11mI$ќKB\λ~**8呾E8J<S_@=H3Ta8`bЎ1up'̀*:
d~ %}͙$20IRs`ilׄS{Cfrx'4mDb_ݗ6s{W˶@BIz_ج*wD'
JT
)h384S.H-Eiʉp4T	:)\CDZ?1ڑoHU%pP{37p}⒩W=RTava<$C`!JvqwQdA+p(5Aae^r 8g
ʞIF"EdN#NA.ӝITJ%f&MW>%& zJOѕaV/Ö`r)YLpʎ|)Ѥ)̑}Ofd(އPS[| pA?8*TF*J	y+
 ~/+
,t*P%\jR6=цOX#	-l
G,RAQhO> \YAW}> wL~GcZ}!U
1W<j
lrQZP*#X)Lv()by/ueYy^Acيv2)1u+%D?(u߈	|8aogQqρ,fsopT,AI&~S1KjF_L*Rri<[e@	EKUGч0sY]:u.~*LߺD=*DP$~:)z<[tf6q,Q,lIsijGcbqTZA*Z PKd.T     PK  CE~@               META-INF/manifest.xmln!n֫fj&} ή$}Yuڦ2 |BD]˞)i7c^an= 5A9<M[kD! *Yp|oF:@:*Ӳ}VOu?	vλ'Y&}26-L\ʛwR<xÙ@p-cySJ1gKBH"`&ML2EVU2ޥ0q򤹚J
.g>+IŮq\9ޑZ y޹$vRt{߷@SiOPKbZ  $  PK     CE~@^2'   '                    mimetypePK     CE~@                         M   Configurations2/statusbar/PK    CE~@           '                Configurations2/accelerator/current.xmlPK     CE~@                            Configurations2/floater/PK     CE~@                           Configurations2/popupmenu/PK     CE~@                         :  Configurations2/progressbar/PK     CE~@                         t  Configurations2/toolpanel/PK     CE~@                           Configurations2/menubar/PK     CE~@                           Configurations2/toolbar/PK     CE~@                           Configurations2/images/Bitmaps/PK   CE~@҅
  -               U  content.xmlPK    CE~@O                  ?  manifest.rdfPK   CE~@#]s#  v-  
             ]  styles.xmlPK     CE~@Oiv                   meta.xmlPK   CE~@>89E  b                 Thumbnails/thumbnail.pngPK   CE~@d.T                    settings.xmlPK   CE~@bZ  $                 META-INF/manifest.xmlPK      p  w
         
wenn ich jedoch malwarebytes ffne und auf Logdateien klicke, zeigt er mir an dass es drei berichte gibt. die kann ich aber dann nur mit word ffnen und es sieht unleserlich aus. soll ich trotzdem schicken? Im ordner selbst gibt es jedoch nur 2 berichte.

Gendert von 8flow9 (30.03.2012 um 11:11 Uhr)

Alt 30.03.2012, 11:49   #8
markusg
/// Malware-holic
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



ne, dann mal updaten, komplett scan und das log posten bitte
__________________
-Verdchtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns untersttzen mchtet

Alt 30.03.2012, 13:09   #9
8flow9
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.30.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfhig)
Internet Explorer 9.0.8112.16421
* :: *-THINK [Administrator]

Schutz: Deaktiviert

30.03.2012 12:14:21
mbam-log-2012-03-30 (12-14-21).txt

Art des Suchlaufs: Vollstndiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346346
Laufzeit: 39 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bsartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bsartigen Objekte gefunden)

Infizierte Registrierungsschlssel: 0
(Keine bsartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bsartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bsartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bsartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\*\Desktop\Lan\Call of Duty 4 - Modern Warfare_v1.0.525_Phil\#readme#\rzr-cod4-keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelscht und in Quarantne gestellt.

(Ende)
         
soll ich den trojaner, welcher in der quartne ist, lschen?

Alt 30.03.2012, 16:49   #10
markusg
/// Malware-holic
 
Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - Standard

Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden



C:\Users\*\Desktop\Lan\Call of Duty 4 - Modern Warfare_v1.0.525_Phil\#readme#\rzr-cod4-keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelscht und in Quarantne
da illegal, ist hier der suport beendet, es gibt nur hilfe beim formatieren, neu aufsetzen und pc absichern.
__________________
-Verdchtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns untersttzen mchtet

Antwort

Themen zu Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden
50 bezahlen, achtung, admins, antivir, bezahlen, downloaden, fake, fertig, gesperrt, heute, hoffe, infiziert, inter, interne, internet, konnte, kontrolle, laptop, liebe, meldung, microsoft, moved, pltzlich, searchscopes, sofort, system, trojaner, viren



hnliche Themen: Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden


  1. Achtung!Ihr Windows system wurde aus Sicherheitsgrnden gesperrt
    Plagegeister aller Art und deren Bekmpfung - 01.03.2012 (8)
  2. Gehe zum ersten neuen Beitrag Achtung ! Aus Sicherheitsgrnden wurde ihr Windows-System gesperrt
    Plagegeister aller Art und deren Bekmpfung - 22.02.2012 (27)
  3. Achtung ! Aus Sicherheitsgrnden wurde ihr Windows-System gesperrt
    Plagegeister aller Art und deren Bekmpfung - 20.02.2012 (19)
  4. Windows 7: Achtung Ihr Windows wurde aus Sicherheitsgrnden gesperrt! Bezahlen und runterladen
    Log-Analyse und Auswertung - 17.02.2012 (2)
  5. Achtung! Computer wurde gesperrt! 50euro bezahlen!
    Plagegeister aller Art und deren Bekmpfung - 12.02.2012 (1)
  6. Achtung Windows gesperrt! 50 bezahlen damit es wieder funktioniert!
    Log-Analyse und Auswertung - 07.02.2012 (18)
  7. Achtung! Aus Sicherheitsgrnden wurde Ihr Windowssystem Blockiert, "Bezahlen nd Downloaden"
    Log-Analyse und Auswertung - 23.01.2012 (3)
  8. Achtung aus Sicherheitsgrnden wurde ihr System blockiert! 50 uro bezahlen!
    Log-Analyse und Auswertung - 13.01.2012 (41)
  9. Achtung Aus Sicherheitsgruenden wurde Ihr System blockiert... bezahlen... sonst
    Plagegeister aller Art und deren Bekmpfung - 13.01.2012 (18)
  10. Achtung: Ihr System wurde gesperrt
    Plagegeister aller Art und deren Bekmpfung - 09.01.2012 (12)
  11. aus sicherheitsgrnden wurde ihr system gesperrt - 50 euro bezahlen
    Plagegeister aller Art und deren Bekmpfung - 07.01.2012 (8)
  12. aus sicherheitsgrnden wurde ihr system gesperrt - 50 euro bezahlen
    Log-Analyse und Auswertung - 06.01.2012 (17)
  13. aus Sicherheitsgrnden wurde ihr System gesperrt - 50 Euro bezahlen...
    Alles rund um Windows - 02.01.2012 (2)
  14. Aus SIcherheitsgrnden wurde WIndows gesperrt, Bitte Bezahlen und Downloaden.
    Plagegeister aller Art und deren Bekmpfung - 02.01.2012 (7)
  15. Hier auch: Win 7 - System aus Sicherheitsgrnden gesperrt - bezahlen und downloaden
    Log-Analyse und Auswertung - 02.01.2012 (1)
  16. "Achtung! Aus Sicherheitsgrnden wurde ihr System gesperrt"
    Log-Analyse und Auswertung - 29.12.2011 (3)
  17. "Aus Sicherheitsgrnden wurde ihr System blockiert... bezahlen und downloaden..."
    Log-Analyse und Auswertung - 21.12.2011 (3)

Zum Thema Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden - hallo liebe admins, als ich heute am laptop sa, kam pltzlich eine meldung: "Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden". Ich hab mir sofort gedacht, dass das - Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden...
Archiv
Du betrachtest: Achtung Microsoft System wurde infiziert und gesperrt bezahlen und downloaden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.