Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.07.2012, 22:22   #1
FraHi
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Hallo ihr Lieben,
kenne mich leider nicht so gut mit Trojanern/Viren und Co aus und deshalb wende ich mich an euch.

Vor ein paar Tagen hat mich ein Bundespolizei-Trojaner erwischt, da noch nicht mal der Task-Manager über STRG + ALT + Entf geöffnet werden konnte, habe ich den Pc im abgesichtern Modus gestartet und eine Systemwiederherstellung vom Vortag durchgeführt. Daraufhin hat wieder alles funktioniert. Ich habe dann
Avast und Microsoft Security Essentials komplett durchlaufen lassen im vollständigen Scan und MSE hat etwas gefunden und ich habe es gelöscht , hab jetzt gelesen, dass das nicht so gut war und ich es besser unter Quarantäne gestellt hätte.
Da ich mir unsicher war, ob ich wirklich nicht noch etwas auf meinem Pc habe, habe ich Malwarebytes Anti Malware als Testversion herunter geladen und 6 infizierte Registrierungsschlüssel im vollständigen Scan gefunden (keine Aktion durchgeführt) und eine infizierte Datei (keine Aktion durchgeführt). Leider habe ich da auch alles gelöscht . Aber ich habe noch die 3 Logdatein.

Zitat:
Malwarebytes Anti-Malware (Test)
Schutz: Aktiviert

24.07.2012 18:38:47
mbam-log-2012-07-24 (18-38-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406202
Laufzeit: 3 Stunde(n), 2 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{815A7C14-BFD5-42E3-AF91-464085E0EEA4} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{815A7C14-BFD5-42E3-AF91-464085E0EEA4} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{815A7C14-BFD5-42E3-AF91-464085E0EEA4} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{815A7C14-BFD5-42E3-AF91-464085E0EEA4} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

(Ende)
Betriebssystem: Windows 7
x86 basierter- PC = 32bit System

Was mache ich denn jetzt am besten? Bin komplett überfragt. Normalerweise hätte ich gedacht, dass es schon ausreicht die infizierten Datein etc. zu löschen; jedoch habe ich jetzt des öfteren gelesen, dass das nicht ausreicht. Hoffe ja meinen Pc nicht platt machen zu müssen .

Wäre für eure Hilfe sehr dankbar .
Ganz liebe Grüße
FraHi

Geändert von FraHi (24.07.2012 um 22:29 Uhr)

Alt 25.07.2012, 02:22   #2
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?





1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
- Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
- Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
- Unter Extra Registry, wähle bitte Use SafeList
- Klicke nun auf Run Scan links oben
- Wenn der Scan beendet wurde werden 2 Logfiles erstellt
- Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 25.07.2012, 10:59   #3
FraHi
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Hallo John,
danke für deine Antwort um die Uhrzeit war ich auch noch wach und habe das --> http://www.trojaner-board.de/69886-a...-beachten.html alles durchgeführt .
Zitat:
Schritt 2
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
#Schliesse bitte nun alle Programme. (Wichtig)
#Starte bitte die OTL.exe.
#Klicke nun bitte auf den Quick Scan Button.
#Wenn der Scan beendet wurde, werden 2 Textdokumente erstellt.
#Kopiere nun den Inhalt aus OTL.txt und Extra.txt in deinen Thread
War das auch richtig? Deine Erklärung hört sich etwas anders an. Kann das aber auch nochmal anders durchführen.

Gespeichert vorliegen habe ich die OTL EXTRAS und GMER Datei. Bin mir nur nicht sicher was ich davon hier rein kopieren soll, an sich stand in der Hilfe ja alle Datein. Was muss ich aus Datenschutzgründen löschen?

Malwarebytes Anti-Malware Vollscan habe ich schon durchgeführt und nur leider alles gelöscht anstatt es nur in Quarantäne zu lassen. Jedoch habe ich dort noch die Logdatein, im ersten Thread habe ich eine von 3en rein kopiert.

Hier schonmal die OTL Logdatei
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 25.07.2012 00:25:00 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Hilde\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,07 Mb Total Physical Memory | 290,67 Mb Available Physical Memory | 28,44% Memory free
2,00 Gb Paging File | 0,82 Gb Available in Paging File | 40,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 39,20 Gb Free Space | 26,32% Space Free | Partition Type: NTFS
 
Computer Name: HILDE-PC | User Name: Hilde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.25 00:22:01 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hilde\Downloads\OTL.exe
PRC - [2012.07.23 16:14:10 | 000,830,048 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012.07.23 16:14:01 | 001,147,488 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.09.26 00:43:58 | 001,115,528 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAC8SWK.EXE
PRC - [2008.09.25 12:07:58 | 000,181,624 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2007.10.09 07:23:32 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.09.05 23:48:00 | 000,406,944 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.23 16:14:18 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012.07.23 16:14:01 | 001,147,488 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.23 16:14:10 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012.07.19 08:58:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.12 17:11:34 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.04.17 18:53:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Hilde\AppData\Local\Temp\ugloipob.sys -- (ugloipob)
DRV - [2012.07.24 23:56:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.07.24 22:39:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{485C2084-5D22-4D16-ACD2-60034E353515}\MpKsl14b22b64.sys -- (MpKsl14b22b64)
DRV - [2012.07.23 16:14:21 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.11.28 19:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 19:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 19:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 19:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 19:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 19:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 14:02:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.09.27 14:02:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.04.29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007.03.07 16:28:42 | 000,167,424 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aver7700.sys -- (aver7700)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.24 21:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005.11.14 13:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 0E B4 C0 D2 AC CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111378&babsrc=SP_ss&mntrId=40517db30000000000000040d0a474c6
IE - HKCU\..\SearchScopes\{86BED112-CFE1-4D22-BE45-637C306DD91A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_ptnrs=&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43&apn_dtid=OSJ000&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.23 16:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 08:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.13 02:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.24 18:34:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 08:58:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.13 02:12:30 | 000,000,000 | ---D | M]
 
[2010.04.11 22:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Extensions
[2010.04.11 22:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.13 10:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Firefox\Profiles\l7lb6j5r.default\extensions
[2012.03.30 12:01:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hilde\AppData\Roaming\mozilla\Firefox\Profiles\l7lb6j5r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.24 18:11:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.13 02:12:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.19 08:58:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 14:58:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.23 16:13:54 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.02 00:22:52 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.19 14:58:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 14:58:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 14:58:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 14:58:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 14:58:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Codecv Class) - {815A7C14-BFD5-42E3-AF91-464085E0EEA4} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\Hilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hilde\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3530269C-7AD8-424E-8C18-4CFA33FECDF5}: DhcpNameServer = 192.168.100.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5B76002-FDDE-4FF1-8BEB-1F46BAF14A25}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell\AutoRun\command - "" = D:\XA.EXE redirect.htm
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell - "" = AutoRun
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 23:55:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.23 17:53:40 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Roaming\Malwarebytes
[2012.07.23 17:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 17:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 17:52:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 17:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.23 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Local\AVG Secure Search
[2012.07.23 16:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.23 16:14:20 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.23 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.23 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.23 16:10:26 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Roaming\TuneUp Software
[2012.07.23 16:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.23 16:06:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.23 16:06:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.22 08:03:17 | 000,000,000 | -HSD | C] -- C:\found.025
[2012.07.13 10:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.07.13 02:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.07.13 02:12:30 | 000,476,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.13 02:12:30 | 000,157,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.13 02:12:30 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.13 02:12:30 | 000,149,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.13 01:34:12 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.12 20:35:47 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.12 20:35:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.12 20:35:02 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.12 13:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ywbcinzvddorazu
[2012.07.10 07:32:11 | 000,000,000 | -HSD | C] -- C:\found.024
[2012.07.08 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Hilde\Desktop\Hochzeitsvorbereitungen Jule und Thorsten
[2012.07.05 23:43:07 | 000,000,000 | -HSD | C] -- C:\found.023
[2012.06.30 22:42:57 | 000,000,000 | -HSD | C] -- C:\found.022
[2012.06.27 20:55:13 | 000,000,000 | -HSD | C] -- C:\found.021
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.25 00:20:11 | 000,000,000 | ---- | M] () -- C:\Users\Hilde\defogger_reenable
[2012.07.25 00:10:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.24 23:56:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.24 18:53:51 | 000,017,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 18:53:51 | 000,017,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.24 18:35:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.24 18:35:32 | 803,786,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.23 17:53:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.23 16:14:21 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.17 21:13:28 | 000,274,579 | ---- | M] () -- C:\Users\Hilde\Desktop\wohngeld_mietzuschuss.pdf
[2012.07.13 02:12:11 | 000,157,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.13 02:12:10 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.13 02:12:10 | 000,149,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.13 02:12:08 | 000,476,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.13 02:12:07 | 000,472,880 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.07.13 01:45:47 | 000,347,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 17:11:16 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 17:11:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.12 13:17:04 | 000,000,051 | ---- | M] () -- C:\ProgramData\boxtbsxavutwzwc
[2012.07.09 18:02:57 | 000,658,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 18:02:57 | 000,618,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 18:02:57 | 000,131,686 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 18:02:57 | 000,107,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.25 00:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Hilde\defogger_reenable
[2012.07.23 17:53:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 21:13:28 | 000,274,579 | ---- | C] () -- C:\Users\Hilde\Desktop\wohngeld_mietzuschuss.pdf
[2012.07.12 13:16:48 | 000,000,051 | ---- | C] () -- C:\ProgramData\boxtbsxavutwzwc
[2011.06.21 08:00:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.13 17:02:00 | 000,009,071 | ---- | C] () -- C:\Users\Hilde\.recently-used.xbel
[2010.12.11 18:13:53 | 000,001,459 | ---- | C] () -- C:\Users\Hilde\gsview32.ini
[2010.11.12 18:23:07 | 000,000,337 | ---- | C] () -- C:\Users\Hilde\AppData\Local\Perfmon.PerfmonCfg
[2010.09.27 14:02:16 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.27 14:02:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.21 00:17:17 | 000,034,693 | ---- | C] () -- C:\Windows\scunin.dat
[2010.08.22 13:27:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.03 01:37:11 | 000,001,604 | ---- | C] () -- C:\Users\Hilde\AppData\Roaming\gnuplot_history

< End of report >
         
--- --- ---


Extras Logdatei:
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 25.07.2012 00:25:00 - Run 1
OTL by OldTimer - Version 3.2.54.1     Folder = C:\Users\Hilde\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,07 Mb Total Physical Memory | 290,67 Mb Available Physical Memory | 28,44% Memory free
2,00 Gb Paging File | 0,82 Gb Available in Paging File | 40,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 39,20 Gb Free Space | 26,32% Space Free | Partition Type: NTFS
 
Computer Name: HILDE-PC | User Name: Hilde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0196821C-041E-49A4-8C39-F68D1AF8B427}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{066EA5B6-DC48-4C3F-926E-9250DA118826}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{140F6214-B532-436B-991A-6F08ACABD7F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{379DEABE-198A-411F-9A3E-5A66F3E1D4AE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{37FC2601-2520-4103-8765-E402C2C96F16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3D82A9A7-BF6B-44D2-AF9C-A2D664D885B6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3FB99EE1-7F36-4754-844F-DC7E7BFEF847}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C91A9D9-CCFF-4910-A26C-C763C81CBF33}" = lport=445 | protocol=6 | dir=in | app=system | 
"{51BD68F5-E064-49A6-9C5C-5B6D5FCF835C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6BABF63A-483A-4F6B-A0E2-AAD7F504D319}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76FE1753-326A-48F5-AAFF-7CE54FC10DCE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{803CB2A3-EBED-46C6-8697-883EC359E814}" = rport=138 | protocol=17 | dir=out | app=system | 
"{806826AC-CCF2-4470-834D-5C7769AD1574}" = rport=139 | protocol=6 | dir=out | app=system | 
"{85086318-05CB-4A72-B7D3-67AC34D3F428}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8645DF6F-4C44-4D09-9F8E-416DD16E0F03}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8AEA1DD3-C384-49D5-A564-E6483D587C27}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A93A8F1E-4602-412D-AAAE-89E4FBF3274F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B6D345AA-EEC2-4DF5-BDC5-153595F3C782}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D2EE1E6A-9390-479B-87B6-87C69B5B4BF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB213867-0BBA-4D2A-97EE-150BB2290A79}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E0EA9CA3-F907-4355-AD60-3B9E6981BE07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E27CD295-E3D1-4851-AA01-2A9FFDF370D9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EF4BB1E3-A8B7-4485-9C80-992D56148C2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BDED9D-4778-4874-A7E9-B6BEFF946C5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{09AC9F74-BD7D-4790-A474-88E2D70B49C6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0D4D7000-6DF6-43CC-96C9-68019D95AE17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{119A45F0-A807-49C5-9785-F8436BB3BF5E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{13041106-1C47-4595-B182-77EC74438F05}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe | 
"{1C8A86F5-7AE0-4D40-A617-B4DD5B739291}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1F095D43-AA78-47CE-B04E-82FD4B2E03C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23D0486F-A0BC-4976-9450-D97AEF90B064}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe | 
"{251BD3D3-17BF-48E0-9838-2FBAD17CAB8F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{30E2A8B9-EACC-4BD2-97B2-937536986EFF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{3AC10B5E-EE05-4921-B413-30B0C874BB82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41BD4A83-57F9-4F2A-A778-B00B6E760673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{41E56610-50C1-4291-855A-D9E89D07FAFF}" = protocol=6 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe | 
"{54E6C753-F84B-4CE7-884C-FD615E1C22DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5548227E-4457-45FE-9545-EB1A3505D96C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6939ED2D-8518-4354-B60A-B724D22EFE10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6BBACA5B-9776-412A-AF27-CF2E819E0AB0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8E5FC1DA-9880-463E-8B4A-BABF59C13E3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E914D33-3FE5-48A4-953F-66157A2F105E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E88CA67-8709-481C-9FDB-975838468D7B}" = protocol=6 | dir=out | app=system | 
"{A8C58EDA-9DF1-47B4-A4E8-CEC060DBAA0B}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathematica.exe | 
"{B139BB4B-F723-4B2D-A415-7C866BB881CD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{C3B70F67-8BB1-4320-ADF7-9A0FFB1641EC}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\mathkernel.exe | 
"{C793AFA1-7D89-42A6-B632-745731911711}" = protocol=1 | dir=in | name=uni | 
"{CD19F73A-C428-4B0E-AC3D-8969BDCABF48}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D582C332-3CFC-430B-A3DE-C6D74A38DE33}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{D762AD5F-E28B-4466-9F68-123A97C4EC24}" = protocol=17 | dir=in | app=c:\program files\wolfram research\mathematica\7.0\math.exe | 
"{D9C3BFE3-6ED3-4986-A222-EB368074B07D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E19E3F43-72FA-434D-9689-9F48C117EF40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E37C222C-A5E7-4A2E-BE84-7E098A2EF3B4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{FF3DA461-B149-46FC-8623-6FDEA93A5CBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{56804A55-35D0-4F57-9298-10747F9B6DA2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{67F76C2F-C19E-40D3-ADCF-7725F5D286D6}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{6EBFC9A2-4EE2-4FB4-A328-93C2B6370E57}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"TCP Query User{8497EA94-4033-4825-8676-641231FA8B89}C:\users\hilde\desktop\aoe2\empires2.exe" = protocol=6 | dir=in | app=c:\users\hilde\desktop\aoe2\empires2.exe | 
"TCP Query User{BE38A094-2A4F-43F3-B6B1-87D10319E487}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{0D252A57-7935-45FC-9DD0-DFF3A14C02C0}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{213A74AB-4D48-4785-9F1D-99A0FD9D5623}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{321D835B-31D7-4073-9BAE-99FD2AAD27F8}C:\users\hilde\desktop\aoe2\empires2.exe" = protocol=17 | dir=in | app=c:\users\hilde\desktop\aoe2\empires2.exe | 
"UDP Query User{3A8F7BBD-4A0E-49A1-989B-261AEDC91FF6}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe | 
"UDP Query User{DB958838-2896-4D98-8FEB-F9E1DBC7561E}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{3315B802-84C6-47BC-907A-9B77A4646197}_is1" = SWF to AVI 1.7.1
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B1FDCD51-DCC5-403A-810A-CC5A746588D1}" = WinFunktion Mathematik plus 14
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{e3017c9e-4638-4f56-adfd-a1874aa4ef83}" = Nero 9 Essentials
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ECE12161-B445-48FA-9056-FD54D8A72459}" = OriginPro 7.5
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Anno 1404 Bonus_is1" = Anno 1404 Bonus
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"Canon LBP5050" = Canon LBP5050
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Digital Editions" = Adobe Digital Editions
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"GeoGebra" = GeoGebra
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.1 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.9.38
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-L 7.0.1 1213965_is1" = Wolfram Mathematica 7 (M-WIN-L 7.0.1 1213965)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Starcraft" = Starcraft
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.10.2011 18:56:19 | Computer Name = Hilde-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17514 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 70c    Startzeit: 01cc8bef1794b78b    Endzeit: 0    Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID:
   
 
Error - 17.10.2011 07:37:26 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 17.10.2011 07:40:24 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\windows
 live\messenger\wlcsdk.exe".  Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.10.2011 07:42:29 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 18.10.2011 17:03:28 | Computer Name = Hilde-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 7.0.1.4288 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 6d4    Startzeit: 
01cc8d7e9150be8f    Endzeit: 909    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
   
 
Error - 19.10.2011 06:55:22 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 19.10.2011 06:58:01 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\windows
 live\messenger\wlcsdk.exe".  Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.10.2011 07:52:34 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 19.10.2011 07:53:22 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\windows
 live\messenger\wlcsdk.exe".  Die abhängige Assemblierung "UCCAPI,processorArchitecture="x86",type="win32",version="2.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.10.2011 07:54:15 | Computer Name = Hilde-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
[ OSession Events ]
Error - 14.10.2010 13:25:29 | Computer Name = Hilde-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9735
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 23.07.2012 11:57:12 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMSwissArmy" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%2
 
Error - 23.07.2012 13:11:52 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 23.07.2012 15:44:45 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 23.07.2012 16:05:38 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 24.07.2012 03:19:49 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 24.07.2012 04:01:16 | Computer Name = Hilde-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.07.2012 08:13:50 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 24.07.2012 11:17:04 | Computer Name = Hilde-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?07.?2012 um 17:15:07 unerwartet heruntergefahren.
 
Error - 24.07.2012 11:18:28 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 24.07.2012 12:36:50 | Computer Name = Hilde-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
--- --- ---

[/CODE]

GMER Logdatei
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-25 01:43:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: yif6qzl3.exe; Driver: C:\Users\Hilde\AppData\Local\Temp\ugloipob.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwAddBootEntry [0x88717FC4]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwAllocateVirtualMemory [0x8F1F6510]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateEvent [0x8871A456]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateEventPair [0x8871A4AE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateIoCompletion [0x8871A5C4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateMutant [0x8871A3AC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateSection [0x8871A4FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateSemaphore [0x8871A400]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwCreateTimer [0x8871A572]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwDeleteBootEntry [0x88717FE8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwFreeVirtualMemory [0x8F1F65C0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwLoadDriver [0x88717DB2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwModifyBootEntry [0x8871800C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwNotifyChangeKey [0x8871A9BC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwNotifyChangeMultipleKeys [0x88718AA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenEvent [0x8871A486]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenEventPair [0x8871A4D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenIoCompletion [0x8871A5EE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenMutant [0x8871A3D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenSection [0x8871A53E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenSemaphore [0x8871A42E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwOpenTimer [0x8871A59C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                             ZwProtectVirtualMemory [0x8F1F6658]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwQueryObject [0x8871896A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetBootEntryOrder [0x88718030]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetBootOptions [0x88718054]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetSystemInformation [0x88717E0C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSetSystemPowerState [0x88717F48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwShutdownSystem [0x88717F24]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwSystemDebugControl [0x88717F6C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                             ZwVdmControl [0x88718078]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                          83087989 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                            830A74E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntoskrnl.exe!KeRemoveQueueEx + 1393                                                                                               830AE750 4 Bytes  [C4, 7F, 71, 88]
.text           ntoskrnl.exe!KeRemoveQueueEx + 13BB                                                                                               830AE778 4 Bytes  [10, 65, 1F, 8F]
.text           ntoskrnl.exe!KeRemoveQueueEx + 146F                                                                                               830AE82C 8 Bytes  [56, A4, 71, 88, AE, A4, 71, ...] {PUSH ESI; MOVSB ; JNO 0xffffffffffffff8c; SCASB ; MOVSB ; JNO 0xffffffffffffff90}
.text           ntoskrnl.exe!KeRemoveQueueEx + 147B                                                                                               830AE838 4 Bytes  [C4, A5, 71, 88]
.text           ntoskrnl.exe!KeRemoveQueueEx + 1497                                                                                               830AE854 4 Bytes  [AC, A3, 71, 88]
.text           ...                                                                                                                               
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                                            section is writeable [0x8F3AA300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                            section is writeable [0x8201B300, 0x1BEE, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                               A0DA5000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                               A0DA5123 629 Bytes  [05, DA, A0, FE, 05, 34, 05, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                               A0DA5399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                                                               A0DA53FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 543B                                                                                               A0DA54AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE            ...                                                                                                                               

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[360] ntdll.dll!LdrUnloadDll                                                                       779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[360] ntdll.dll!LdrLoadDll                                                                         779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[360] kernel32.dll!GetBinaryTypeW + 70                                                             779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[360] USER32.dll!UnhookWindowsHookEx                                                               7735ADF9 5 Bytes  JMP 00500A08 
.text           C:\Windows\system32\svchost.exe[360] USER32.dll!UnhookWinEvent                                                                    7735B750 5 Bytes  JMP 005003FC 
.text           C:\Windows\system32\svchost.exe[360] USER32.dll!SetWindowsHookExW                                                                 7735E30C 5 Bytes  JMP 00500804 
.text           C:\Windows\system32\svchost.exe[360] USER32.dll!SetWinEventHook                                                                   773624DC 5 Bytes  JMP 005001F8 
.text           C:\Windows\system32\svchost.exe[360] USER32.dll!SetWindowsHookExA                                                                 77386D0C 5 Bytes  JMP 00500600 
.text           C:\Windows\system32\csrss.exe[400] kernel32.dll!GetBinaryTypeW + 70                                                               779169F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[460] ntdll.dll!LdrUnloadDll                                                                       779EC86E 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\wininit.exe[460] ntdll.dll!LdrLoadDll                                                                         779F223E 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\wininit.exe[460] kernel32.dll!GetBinaryTypeW + 70                                                             779169F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[460] USER32.dll!UnhookWindowsHookEx                                                               7735ADF9 5 Bytes  JMP 00050A08 
.text           C:\Windows\system32\wininit.exe[460] USER32.dll!UnhookWinEvent                                                                    7735B750 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\wininit.exe[460] USER32.dll!SetWindowsHookExW                                                                 7735E30C 5 Bytes  JMP 00050804 
.text           C:\Windows\system32\wininit.exe[460] USER32.dll!SetWinEventHook                                                                   773624DC 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\wininit.exe[460] USER32.dll!SetWindowsHookExA                                                                 77386D0C 5 Bytes  JMP 00050600 
.text           C:\Windows\system32\csrss.exe[472] kernel32.dll!GetBinaryTypeW + 70                                                               779169F4 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[520] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000303FC 
.text           C:\Windows\system32\winlogon.exe[520] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000301F8 
.text           C:\Windows\system32\winlogon.exe[520] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\winlogon.exe[520] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\winlogon.exe[520] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\winlogon.exe[520] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\winlogon.exe[520] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\winlogon.exe[520] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\services.exe[564] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\services.exe[564] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\services.exe[564] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrUnloadDll                                                                         779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrLoadDll                                                                           779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsass.exe[592] kernel32.dll!GetBinaryTypeW + 70                                                               779169F4 1 Byte  [62]
.text           C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrUnloadDll                                                                           779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrLoadDll                                                                             779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\lsm.exe[600] kernel32.dll!GetBinaryTypeW + 70                                                                 779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[712] ntdll.dll!LdrUnloadDll                                                                       779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[712] ntdll.dll!LdrLoadDll                                                                         779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[712] kernel32.dll!GetBinaryTypeW + 70                                                             779169F4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[728] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\taskhost.exe[728] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\taskhost.exe[728] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\taskhost.exe[728] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 000E0A08 
.text           C:\Windows\system32\taskhost.exe[728] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 000E03FC 
.text           C:\Windows\system32\taskhost.exe[728] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 000E0804 
.text           C:\Windows\system32\taskhost.exe[728] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 000E01F8 
.text           C:\Windows\system32\taskhost.exe[728] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 000E0600 
.text           C:\Windows\system32\svchost.exe[800] ntdll.dll!LdrUnloadDll                                                                       779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[800] ntdll.dll!LdrLoadDll                                                                         779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[800] kernel32.dll!GetBinaryTypeW + 70                                                             779169F4 1 Byte  [62]
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] ntdll.dll!LdrUnloadDll                                                779EC86E 5 Bytes  JMP 000603FC 
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] ntdll.dll!LdrLoadDll                                                  779F223E 5 Bytes  JMP 000601F8 
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] kernel32.dll!GetBinaryTypeW + 70                                      779169F4 1 Byte  [62]
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] USER32.dll!UnhookWindowsHookEx                                        7735ADF9 5 Bytes  JMP 000F0A08 
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] USER32.dll!UnhookWinEvent                                             7735B750 5 Bytes  JMP 000F03FC 
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] USER32.dll!SetWindowsHookExW                                          7735E30C 5 Bytes  JMP 000F0804 
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] USER32.dll!SetWinEventHook                                            773624DC 5 Bytes  JMP 000F01F8 
.text           c:\Program Files\Microsoft Security Client\MsMpEng.exe[856] USER32.dll!SetWindowsHookExA                                          77386D0C 5 Bytes  JMP 000F0600 
.text           C:\Windows\system32\Ati2evxx.exe[948] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\Ati2evxx.exe[948] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\Ati2evxx.exe[948] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\Ati2evxx.exe[948] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Windows\system32\Ati2evxx.exe[948] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 001E03FC 
.text           C:\Windows\system32\Ati2evxx.exe[948] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 001E0804 
.text           C:\Windows\system32\Ati2evxx.exe[948] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 001E01F8 
.text           C:\Windows\system32\Ati2evxx.exe[948] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 001E0600 
.text           C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[1016] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 00510A08 
.text           C:\Windows\System32\svchost.exe[1016] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 005103FC 
.text           C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 00510804 
.text           C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 005101F8 
.text           C:\Windows\System32\svchost.exe[1016] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 00510600 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 008A0A08 
.text           C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 008A03FC 
.text           C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 008A0804 
.text           C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 008A01F8 
.text           C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 008A0600 
.text           C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1084] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 00F00A08 
.text           C:\Windows\system32\svchost.exe[1084] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 00F003FC 
.text           C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 00F00804 
.text           C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 00F001F8 
.text           C:\Windows\system32\svchost.exe[1084] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 00F00600 
.text           C:\Windows\system32\AUDIODG.EXE[1144] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] ntdll.dll!LdrUnloadDll                                               779EC86E 5 Bytes  JMP 000703FC 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] ntdll.dll!LdrLoadDll                                                 779F223E 5 Bytes  JMP 000701F8 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] kernel32.dll!GetBinaryTypeW + 70                                     779169F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] USER32.dll!UnhookWindowsHookEx                                       7735ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] USER32.dll!UnhookWinEvent                                            7735B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] USER32.dll!SetWindowsHookExW                                         7735E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] USER32.dll!SetWinEventHook                                           773624DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1172] USER32.dll!SetWindowsHookExA                                         77386D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 00500A08 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 005003FC 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 00500804 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 005001F8 
.text           C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 00500600 
.text           C:\Windows\system32\Ati2evxx.exe[1372] ntdll.dll!LdrUnloadDll                                                                     779EC86E 5 Bytes  JMP 001503FC 
.text           C:\Windows\system32\Ati2evxx.exe[1372] ntdll.dll!LdrLoadDll                                                                       779F223E 5 Bytes  JMP 001501F8 
.text           C:\Windows\system32\Ati2evxx.exe[1372] kernel32.dll!GetBinaryTypeW + 70                                                           779169F4 1 Byte  [62]
.text           C:\Windows\system32\Ati2evxx.exe[1372] USER32.dll!UnhookWindowsHookEx                                                             7735ADF9 5 Bytes  JMP 001E0A08 
.text           C:\Windows\system32\Ati2evxx.exe[1372] USER32.dll!UnhookWinEvent                                                                  7735B750 5 Bytes  JMP 001E03FC 
.text           C:\Windows\system32\Ati2evxx.exe[1372] USER32.dll!SetWindowsHookExW                                                               7735E30C 5 Bytes  JMP 001E0804 
.text           C:\Windows\system32\Ati2evxx.exe[1372] USER32.dll!SetWinEventHook                                                                 773624DC 5 Bytes  JMP 001E01F8 
.text           C:\Windows\system32\Ati2evxx.exe[1372] USER32.dll!SetWindowsHookExA                                                               77386D0C 5 Bytes  JMP 001E0600 
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] ntdll.dll!LdrUnloadDll                                                       779EC86E 5 Bytes  JMP 000A03FC 
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] ntdll.dll!LdrLoadDll                                                         779F223E 5 Bytes  JMP 000A01F8 
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] kernel32.dll!GetBinaryTypeW + 70                                             779169F4 1 Byte  [62]
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] USER32.dll!UnhookWindowsHookEx                                               7735ADF9 5 Bytes  JMP 000D0A08 
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] USER32.dll!UnhookWinEvent                                                    7735B750 5 Bytes  JMP 000D03FC 
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] USER32.dll!SetWindowsHookExW                                                 7735E30C 5 Bytes  JMP 000D0804 
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] USER32.dll!SetWinEventHook                                                   773624DC 5 Bytes  JMP 000D01F8 
.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1408] USER32.dll!SetWindowsHookExA                                                 77386D0C 5 Bytes  JMP 000D0600 
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] ntdll.dll!LdrUnloadDll                                                         779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] ntdll.dll!LdrLoadDll                                                           779F223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] kernel32.dll!GetBinaryTypeW + 70                                               779169F4 1 Byte  [62]
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] USER32.dll!UnhookWindowsHookEx                                                 7735ADF9 5 Bytes  JMP 00090A08 
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] USER32.dll!UnhookWinEvent                                                      7735B750 5 Bytes  JMP 000903FC 
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] USER32.dll!SetWindowsHookExW                                                   7735E30C 5 Bytes  JMP 00090804 
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] USER32.dll!SetWinEventHook                                                     773624DC 5 Bytes  JMP 000901F8 
.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1424] USER32.dll!SetWindowsHookExA                                                   77386D0C 5 Bytes  JMP 00090600 
.text           C:\Windows\system32\sppsvc.exe[1508] ntdll.dll!LdrUnloadDll                                                                       779EC86E 5 Bytes  JMP 000703FC 
.text           C:\Windows\system32\sppsvc.exe[1508] ntdll.dll!LdrLoadDll                                                                         779F223E 5 Bytes  JMP 000701F8 
.text           C:\Windows\system32\sppsvc.exe[1508] kernel32.dll!GetBinaryTypeW + 70                                                             779169F4 1 Byte  [62]
.text           C:\Windows\system32\sppsvc.exe[1508] USER32.dll!UnhookWindowsHookEx                                                               7735ADF9 5 Bytes  JMP 00120A08 
.text           C:\Windows\system32\sppsvc.exe[1508] USER32.dll!UnhookWinEvent                                                                    7735B750 5 Bytes  JMP 001203FC 
.text           C:\Windows\system32\sppsvc.exe[1508] USER32.dll!SetWindowsHookExW                                                                 7735E30C 5 Bytes  JMP 00120804 
.text           C:\Windows\system32\sppsvc.exe[1508] USER32.dll!SetWinEventHook                                                                   773624DC 5 Bytes  JMP 001201F8 
.text           C:\Windows\system32\sppsvc.exe[1508] USER32.dll!SetWindowsHookExA                                                                 77386D0C 5 Bytes  JMP 00120600 
.text           C:\Windows\system32\svchost.exe[1544] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1544] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1628] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1628] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1628] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\SearchFilterHost.exe[1644] ntdll.dll!LdrUnloadDll                                                             779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\SearchFilterHost.exe[1644] ntdll.dll!LdrLoadDll                                                               779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\SearchFilterHost.exe[1644] kernel32.dll!GetBinaryTypeW + 70                                                   779169F4 1 Byte  [62]
.text           C:\Windows\system32\SearchFilterHost.exe[1644] USER32.dll!UnhookWindowsHookEx                                                     7735ADF9 5 Bytes  JMP 00100A08 
.text           C:\Windows\system32\SearchFilterHost.exe[1644] USER32.dll!UnhookWinEvent                                                          7735B750 5 Bytes  JMP 001003FC 
.text           C:\Windows\system32\SearchFilterHost.exe[1644] USER32.dll!SetWindowsHookExW                                                       7735E30C 5 Bytes  JMP 00100804 
.text           C:\Windows\system32\SearchFilterHost.exe[1644] USER32.dll!SetWinEventHook                                                         773624DC 5 Bytes  JMP 001001F8 
.text           C:\Windows\system32\SearchFilterHost.exe[1644] USER32.dll!SetWindowsHookExA                                                       77386D0C 5 Bytes  JMP 00100600 
.text           C:\Windows\Explorer.EXE[1708] ntdll.dll!LdrUnloadDll                                                                              779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\Explorer.EXE[1708] ntdll.dll!LdrLoadDll                                                                                779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\Explorer.EXE[1708] kernel32.dll!GetBinaryTypeW + 70                                                                    779169F4 1 Byte  [62]
.text           C:\Windows\Explorer.EXE[1708] USER32.dll!UnhookWindowsHookEx                                                                      7735ADF9 5 Bytes  JMP 000A0A08 
.text           C:\Windows\Explorer.EXE[1708] USER32.dll!UnhookWinEvent                                                                           7735B750 5 Bytes  JMP 000A03FC 
.text           C:\Windows\Explorer.EXE[1708] USER32.dll!SetWindowsHookExW                                                                        7735E30C 5 Bytes  JMP 000A0804 
.text           C:\Windows\Explorer.EXE[1708] USER32.dll!SetWinEventHook                                                                          773624DC 5 Bytes  JMP 000A01F8 
.text           C:\Windows\Explorer.EXE[1708] USER32.dll!SetWindowsHookExA                                                                        77386D0C 5 Bytes  JMP 000A0600 
.text           C:\Windows\system32\Dwm.exe[1732] ntdll.dll!LdrUnloadDll                                                                          779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\Dwm.exe[1732] ntdll.dll!LdrLoadDll                                                                            779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\Dwm.exe[1732] kernel32.dll!GetBinaryTypeW + 70                                                                779169F4 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[1732] USER32.dll!UnhookWindowsHookEx                                                                  7735ADF9 5 Bytes  JMP 00080A08 
.text           C:\Windows\system32\Dwm.exe[1732] USER32.dll!UnhookWinEvent                                                                       7735B750 5 Bytes  JMP 000803FC 
.text           C:\Windows\system32\Dwm.exe[1732] USER32.dll!SetWindowsHookExW                                                                    7735E30C 5 Bytes  JMP 00080804 
.text           C:\Windows\system32\Dwm.exe[1732] USER32.dll!SetWinEventHook                                                                      773624DC 5 Bytes  JMP 000801F8 
.text           C:\Windows\system32\Dwm.exe[1732] USER32.dll!SetWindowsHookExA                                                                    77386D0C 5 Bytes  JMP 00080600 
.text           C:\Windows\system32\svchost.exe[1744] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[1744] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[1744] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1744] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 005B0A08 
.text           C:\Windows\system32\svchost.exe[1744] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 005B03FC 
.text           C:\Windows\system32\svchost.exe[1744] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 005B0804 
.text           C:\Windows\system32\svchost.exe[1744] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 005B01F8 
.text           C:\Windows\system32\svchost.exe[1744] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 005B0600 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1780] kernel32.dll!SetUnhandledExceptionFilter                                778FF4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1780] kernel32.dll!GetBinaryTypeW + 70                                        779169F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] ntdll.dll!LdrUnloadDll                                     779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] ntdll.dll!LdrLoadDll                                       779F223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] kernel32.dll!GetBinaryTypeW + 70                           779169F4 1 Byte  [62]
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] USER32.dll!UnhookWindowsHookEx                             7735ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] USER32.dll!UnhookWinEvent                                  7735B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] USER32.dll!SetWindowsHookExW                               7735E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] USER32.dll!SetWinEventHook                                 773624DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1836] USER32.dll!SetWindowsHookExA                               77386D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\spoolsv.exe[2036] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\System32\spoolsv.exe[2036] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\System32\spoolsv.exe[2036] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 00090A08 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 000903FC 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 00090804 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 000901F8 
.text           C:\Windows\System32\spoolsv.exe[2036] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 00090600 
.text           C:\Windows\system32\svchost.exe[2180] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\svchost.exe[2180] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\svchost.exe[2180] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2200] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000A03FC 
.text           C:\Windows\system32\svchost.exe[2200] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000A01F8 
.text           C:\Windows\system32\svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[2200] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 00290A08 
.text           C:\Windows\system32\svchost.exe[2200] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 002903FC 
.text           C:\Windows\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 00290804 
.text           C:\Windows\system32\svchost.exe[2200] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 002901F8 
.text           C:\Windows\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 00290600 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] ntdll.dll!LdrUnloadDll            779EC86E 5 Bytes  JMP 000703FC 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] ntdll.dll!LdrLoadDll              779F223E 5 Bytes  JMP 000701F8 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] kernel32.dll!GetBinaryTypeW + 70  779169F4 1 Byte  [62]
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] USER32.dll!UnhookWindowsHookEx    7735ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] USER32.dll!UnhookWinEvent         7735B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] USER32.dll!SetWindowsHookExW      7735E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] USER32.dll!SetWinEventHook        773624DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe[2248] USER32.dll!SetWindowsHookExA      77386D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] ntdll.dll!LdrUnloadDll                                                                779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] ntdll.dll!LdrLoadDll                                                                  779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] kernel32.dll!GetBinaryTypeW + 70                                                      779169F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] USER32.dll!UnhookWindowsHookEx                                                        7735ADF9 5 Bytes  JMP 00140A08 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] USER32.dll!UnhookWinEvent                                                             7735B750 5 Bytes  JMP 001403FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] USER32.dll!SetWindowsHookExW                                                          7735E30C 5 Bytes  JMP 00140804 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] USER32.dll!SetWinEventHook                                                            773624DC 5 Bytes  JMP 001401F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2600] USER32.dll!SetWindowsHookExA                                                          77386D0C 5 Bytes  JMP 00140600 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] ntdll.dll!LdrUnloadDll                                          779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] ntdll.dll!LdrLoadDll                                            779F223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] kernel32.dll!GetBinaryTypeW + 70                                779169F4 1 Byte  [62]
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] USER32.dll!UnhookWindowsHookEx                                  7735ADF9 5 Bytes  JMP 00AB0A08 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] USER32.dll!UnhookWinEvent                                       7735B750 5 Bytes  JMP 00AB03FC 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] USER32.dll!SetWindowsHookExW                                    7735E30C 5 Bytes  JMP 00AB0804 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] USER32.dll!SetWinEventHook                                      773624DC 5 Bytes  JMP 00AB01F8 
.text           C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2848] USER32.dll!SetWindowsHookExA                                    77386D0C 5 Bytes  JMP 00AB0600 
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] ntdll.dll!LdrUnloadDll                                              779EC86E 5 Bytes  JMP 000603FC 
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] ntdll.dll!LdrLoadDll                                                779F223E 5 Bytes  JMP 000601F8 
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] kernel32.dll!GetBinaryTypeW + 70                                    779169F4 1 Byte  [62]
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] USER32.dll!UnhookWindowsHookEx                                      7735ADF9 5 Bytes  JMP 00100A08 
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] USER32.dll!UnhookWinEvent                                           7735B750 5 Bytes  JMP 001003FC 
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] USER32.dll!SetWindowsHookExW                                        7735E30C 5 Bytes  JMP 00100804 
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] USER32.dll!SetWinEventHook                                          773624DC 5 Bytes  JMP 001001F8 
.text           c:\Program Files\Microsoft Security Client\MpCmdRun.exe[2852] USER32.dll!SetWindowsHookExA                                        77386D0C 5 Bytes  JMP 00100600 
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] ntdll.dll!LdrUnloadDll                                                      779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] ntdll.dll!LdrLoadDll                                                        779F223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] kernel32.dll!GetBinaryTypeW + 70                                            779169F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] USER32.dll!UnhookWindowsHookEx                                              7735ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] USER32.dll!UnhookWinEvent                                                   7735B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] USER32.dll!SetWindowsHookExW                                                7735E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] USER32.dll!SetWinEventHook                                                  773624DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2872] USER32.dll!SetWindowsHookExA                                                77386D0C 5 Bytes  JMP 001F0600 
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] ntdll.dll!LdrUnloadDll                                              779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] ntdll.dll!LdrLoadDll                                                779F223E 5 Bytes  JMP 001601F8 
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] kernel32.dll!GetBinaryTypeW + 70                                    779169F4 1 Byte  [62]
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] USER32.dll!UnhookWindowsHookEx                                      7735ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] USER32.dll!UnhookWinEvent                                           7735B750 5 Bytes  JMP 001F03FC 
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] USER32.dll!SetWindowsHookExW                                        7735E30C 5 Bytes  JMP 001F0804 
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] USER32.dll!SetWinEventHook                                          773624DC 5 Bytes  JMP 001F01F8 
.text           C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE[2884] USER32.dll!SetWindowsHookExA                                        77386D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2904] kernel32.dll!GetBinaryTypeW + 70                                         779169F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] ntdll.dll!LdrUnloadDll                                                                779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] ntdll.dll!LdrLoadDll                                                                  779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] kernel32.dll!GetBinaryTypeW + 70                                                      779169F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] USER32.dll!UnhookWindowsHookEx                                                        7735ADF9 5 Bytes  JMP 00090A08 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] USER32.dll!UnhookWinEvent                                                             7735B750 5 Bytes  JMP 000903FC 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] USER32.dll!SetWindowsHookExW                                                          7735E30C 5 Bytes  JMP 00090804 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] USER32.dll!SetWinEventHook                                                            773624DC 5 Bytes  JMP 000901F8 
.text           C:\Windows\system32\wbem\wmiprvse.exe[2912] USER32.dll!SetWindowsHookExA                                                          77386D0C 5 Bytes  JMP 00090600 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] ntdll.dll!LdrUnloadDll                                                         779EC86E 5 Bytes  JMP 001703FC 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] ntdll.dll!LdrLoadDll                                                           779F223E 5 Bytes  JMP 001701F8 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] kernel32.dll!GetBinaryTypeW + 70                                               779169F4 1 Byte  [62]
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] USER32.dll!UnhookWindowsHookEx                                                 7735ADF9 5 Bytes  JMP 00200A08 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] USER32.dll!UnhookWinEvent                                                      7735B750 5 Bytes  JMP 002003FC 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] USER32.dll!SetWindowsHookExW                                                   7735E30C 5 Bytes  JMP 00200804 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] USER32.dll!SetWinEventHook                                                     773624DC 5 Bytes  JMP 002001F8 
.text           C:\Program Files\Ask.com\Updater\Updater.exe[2920] USER32.dll!SetWindowsHookExA                                                   77386D0C 5 Bytes  JMP 00200600 
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] ntdll.dll!LdrUnloadDll                                                         779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] ntdll.dll!LdrLoadDll                                                           779F223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] kernel32.dll!GetBinaryTypeW + 70                                               779169F4 1 Byte  [62]
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] USER32.dll!UnhookWindowsHookEx                                                 7735ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] USER32.dll!UnhookWinEvent                                                      7735B750 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] USER32.dll!SetWindowsHookExW                                                   7735E30C 5 Bytes  JMP 000F0804 
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] USER32.dll!SetWinEventHook                                                     773624DC 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\AVG Secure Search\vprot.exe[2948] USER32.dll!SetWindowsHookExA                                                   77386D0C 5 Bytes  JMP 000F0600 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] ntdll.dll!LdrUnloadDll                                                         779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] ntdll.dll!LdrLoadDll                                                           779F223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] kernel32.dll!GetBinaryTypeW + 70                                               779169F4 1 Byte  [62]
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] USER32.dll!UnhookWindowsHookEx                                                 7735ADF9 5 Bytes  JMP 000A0A08 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] USER32.dll!UnhookWinEvent                                                      7735B750 5 Bytes  JMP 000A03FC 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] USER32.dll!SetWindowsHookExW                                                   7735E30C 5 Bytes  JMP 000A0804 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] USER32.dll!SetWinEventHook                                                     773624DC 5 Bytes  JMP 000A01F8 
.text           C:\Program Files\Windows Sidebar\sidebar.exe[3000] USER32.dll!SetWindowsHookExA                                                   77386D0C 5 Bytes  JMP 000A0600 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] ntdll.dll!LdrUnloadDll                                              779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] ntdll.dll!LdrLoadDll                                                779F223E 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] kernel32.dll!GetBinaryTypeW + 70                                    779169F4 1 Byte  [62]
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] USER32.dll!UnhookWindowsHookEx                                      7735ADF9 5 Bytes  JMP 00200A08 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] USER32.dll!UnhookWinEvent                                           7735B750 5 Bytes  JMP 002003FC 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] USER32.dll!SetWindowsHookExW                                        7735E30C 5 Bytes  JMP 00200804 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] USER32.dll!SetWinEventHook                                          773624DC 5 Bytes  JMP 002001F8 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2RPK.EXE[3008] USER32.dll!SetWindowsHookExA                                        77386D0C 5 Bytes  JMP 00200600 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] ntdll.dll!LdrUnloadDll                                              779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] ntdll.dll!LdrLoadDll                                                779F223E 5 Bytes  JMP 001601F8 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] kernel32.dll!GetBinaryTypeW + 70                                    779169F4 1 Byte  [62]
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] USER32.dll!UnhookWindowsHookEx                                      7735ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] USER32.dll!UnhookWinEvent                                           7735B750 5 Bytes  JMP 001F03FC 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] USER32.dll!SetWindowsHookExW                                        7735E30C 5 Bytes  JMP 001F0804 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] USER32.dll!SetWinEventHook                                          773624DC 5 Bytes  JMP 001F01F8 
.text           C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAC8SWK.EXE[3064] USER32.dll!SetWindowsHookExA                                        77386D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] ntdll.dll!LdrUnloadDll                                              779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] ntdll.dll!LdrLoadDll                                                779F223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] kernel32.dll!GetBinaryTypeW + 70                                    779169F4 1 Byte  [62]
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] USER32.dll!UnhookWindowsHookEx                                      7735ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] USER32.dll!UnhookWinEvent                                           7735B750 5 Bytes  JMP 000F03FC 
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] USER32.dll!SetWindowsHookExW                                        7735E30C 5 Bytes  JMP 000F0804 
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] USER32.dll!SetWinEventHook                                          773624DC 5 Bytes  JMP 000F01F8 
.text           C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3084] USER32.dll!SetWindowsHookExA                                        77386D0C 5 Bytes  JMP 000F0600 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] ntdll.dll!LdrUnloadDll                                                        779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] ntdll.dll!LdrLoadDll                                                          779F223E 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] kernel32.dll!GetBinaryTypeW + 70                                              779169F4 1 Byte  [62]
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] USER32.dll!UnhookWindowsHookEx                                                7735ADF9 5 Bytes  JMP 001F0A08 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] USER32.dll!UnhookWinEvent                                                     7735B750 5 Bytes  JMP 001F03FC 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] USER32.dll!SetWindowsHookExW                                                  7735E30C 5 Bytes  JMP 001F0804 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] USER32.dll!SetWinEventHook                                                    773624DC 5 Bytes  JMP 001F01F8 
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3320] USER32.dll!SetWindowsHookExA                                                  77386D0C 5 Bytes  JMP 001F0600 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] ntdll.dll!LdrUnloadDll                                                   779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] ntdll.dll!LdrLoadDll                                                     779F223E 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] kernel32.dll!GetBinaryTypeW + 70                                         779169F4 1 Byte  [62]
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] USER32.dll!UnhookWindowsHookEx                                           7735ADF9 5 Bytes  JMP 00100A08 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] USER32.dll!UnhookWinEvent                                                7735B750 5 Bytes  JMP 001003FC 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] USER32.dll!SetWindowsHookExW                                             7735E30C 5 Bytes  JMP 00100804 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] USER32.dll!SetWinEventHook                                               773624DC 5 Bytes  JMP 001001F8 
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[3380] USER32.dll!SetWindowsHookExA                                             77386D0C 5 Bytes  JMP 00100600 
.text           C:\Windows\system32\SearchIndexer.exe[3468] ntdll.dll!LdrUnloadDll                                                                779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\SearchIndexer.exe[3468] ntdll.dll!LdrLoadDll                                                                  779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\SearchIndexer.exe[3468] kernel32.dll!GetBinaryTypeW + 70                                                      779169F4 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!UnhookWindowsHookEx                                                        7735ADF9 5 Bytes  JMP 00190A08 
.text           C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!UnhookWinEvent                                                             7735B750 5 Bytes  JMP 001903FC 
.text           C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWindowsHookExW                                                          7735E30C 5 Bytes  JMP 00190804 
.text           C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWinEventHook                                                            773624DC 5 Bytes  JMP 001901F8 
.text           C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWindowsHookExA                                                          77386D0C 5 Bytes  JMP 00190600 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] ntdll.dll!LdrUnloadDll                                                                779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] ntdll.dll!LdrLoadDll                                                                  779F223E 5 Bytes  JMP 001601F8 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] kernel32.dll!GetBinaryTypeW + 70                                                      779169F4 1 Byte  [62]
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] USER32.dll!UnhookWindowsHookEx                                                        7735ADF9 5 Bytes  JMP 00210A08 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] USER32.dll!UnhookWinEvent                                                             7735B750 5 Bytes  JMP 002103FC 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] USER32.dll!SetWindowsHookExW                                                          7735E30C 5 Bytes  JMP 00210804 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] USER32.dll!SetWinEventHook                                                            773624DC 5 Bytes  JMP 002101F8 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3548] USER32.dll!SetWindowsHookExA                                                          77386D0C 5 Bytes  JMP 00210600 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] ntdll.dll!LdrUnloadDll                                                                779EC86E 5 Bytes  JMP 001603FC 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] ntdll.dll!LdrLoadDll                                                                  779F223E 5 Bytes  JMP 001601F8 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] kernel32.dll!GetBinaryTypeW + 70                                                      779169F4 1 Byte  [62]
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] USER32.dll!UnhookWindowsHookEx                                                        7735ADF9 5 Bytes  JMP 00220A08 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] USER32.dll!UnhookWinEvent                                                             7735B750 5 Bytes  JMP 002203FC 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] USER32.dll!SetWindowsHookExW                                                          7735E30C 5 Bytes  JMP 00220804 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] USER32.dll!SetWinEventHook                                                            773624DC 5 Bytes  JMP 002201F8 
.text           C:\Users\Hilde\Downloads\yif6qzl3.exe[3800] USER32.dll!SetWindowsHookExA                                                          77386D0C 5 Bytes  JMP 00220600 
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] ntdll.dll!LdrUnloadDll                                                           779EC86E 5 Bytes  JMP 000503FC 
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] ntdll.dll!LdrLoadDll                                                             779F223E 5 Bytes  JMP 000501F8 
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] kernel32.dll!GetBinaryTypeW + 70                                                 779169F4 1 Byte  [62]
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!UnhookWindowsHookEx                                                   7735ADF9 5 Bytes  JMP 00130A08 
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!UnhookWinEvent                                                        7735B750 5 Bytes  JMP 001303FC 
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!SetWindowsHookExW                                                     7735E30C 5 Bytes  JMP 00130804 
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!SetWinEventHook                                                       773624DC 5 Bytes  JMP 001301F8 
.text           C:\Windows\system32\SearchProtocolHost.exe[3964] USER32.dll!SetWindowsHookExA                                                     77386D0C 5 Bytes  JMP 00130600 
.text           C:\Windows\system32\taskeng.exe[4008] ntdll.dll!LdrUnloadDll                                                                      779EC86E 5 Bytes  JMP 000603FC 
.text           C:\Windows\system32\taskeng.exe[4008] ntdll.dll!LdrLoadDll                                                                        779F223E 5 Bytes  JMP 000601F8 
.text           C:\Windows\system32\taskeng.exe[4008] kernel32.dll!GetBinaryTypeW + 70                                                            779169F4 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[4008] USER32.dll!UnhookWindowsHookEx                                                              7735ADF9 5 Bytes  JMP 000F0A08 
.text           C:\Windows\system32\taskeng.exe[4008] USER32.dll!UnhookWinEvent                                                                   7735B750 5 Bytes  JMP 000F03FC 
.text           C:\Windows\system32\taskeng.exe[4008] USER32.dll!SetWindowsHookExW                                                                7735E30C 5 Bytes  JMP 000F0804 
.text           C:\Windows\system32\taskeng.exe[4008] USER32.dll!SetWinEventHook                                                                  773624DC 5 Bytes  JMP 000F01F8 
.text           C:\Windows\system32\taskeng.exe[4008] USER32.dll!SetWindowsHookExA                                                                77386D0C 5 Bytes  JMP 000F0600 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                           aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000066                                                                                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                           aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
         


Bei defogger gab es keine Fehlermeldung (Schritt 1).

Danke schonmal für eure Hilfe!
Liebe Grüße
FraHi
__________________

Geändert von FraHi (25.07.2012 um 11:26 Uhr)

Alt 25.07.2012, 15:16   #4
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
MOD - [2012.07.23 16:14:01 | 001,147,488 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe 
SRV - [2012.07.23 16:14:10 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5) 
SRV - [2012.07.19 08:58:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Hilde\AppData\Local\Temp\ugloipob.sys -- (ugloipob) 
DRV - [2010.09.27 14:02:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) 
DRV - [2010.09.27 14:02:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111378&babsrc=SP_ss&mntrId=40517db30000000000000040d0a474c6 
IE - HKCU\..\SearchScopes\{86BED112-CFE1-4D22-BE45-637C306DD91A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_ptnrs=&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43&apn_dtid=OSJ000&&q=" 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.23 16:15:17 | 000,000,000 | ---D | M] 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.) 
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () 
O4 - Startup: C:\Users\Hilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell - "" = AutoRun 
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell\AutoRun\command - "" = D:\XA.EXE redirect.htm 
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell\AutoRun\command - "" = F:\SETUP.EXE 

[2012.07.23 16:06:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 
[2012.07.13 02:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask 
[[2012.07.12 13:17:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ywbcinzvddorazu 
[2012.07.12 13:17:04 | 000,000,051 | ---- | M] () -- C:\ProgramData\boxtbsxavutwzwc 

[2012.07.23 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search 
[2012.07.23 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search 
[2012.04.02 00:22:52 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml 
 
[2012.07.13 10:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com 
[2012.07.13 02:12:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} 
[2012.07.25 00:10:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
:Files

C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe

C:\autoexec.bat 

D:\XA.EXE redirect.htm
F:\SETUP.EXE

C:\ProgramData\boxtbsxavutwzwc
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 25.07.2012, 15:43   #5
FraHi
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Dankeschön! Das mach ich dann gleich mal!
Glg

Es hat soweit alles funktioniert + Neustart.

Hier die Logdatei:
Code:
ATTFilter
All processes killed
========== OTL ==========
Service vToolbarUpdater12.1.5 stopped successfully!
Service vToolbarUpdater12.1.5 deleted successfully!
C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe moved successfully.
Service MozillaMaintenance stopped successfully!
Service MozillaMaintenance deleted successfully!
C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe moved successfully.
Error: No service named ugloipob was found to stop!
Service\Driver key ugloipob not found.
File C:\Users\Hilde\AppData\Local\Temp\ugloipob.sys not found.
Service atksgt stopped successfully!
Service atksgt deleted successfully!
C:\Windows\System32\drivers\atksgt.sys moved successfully.
Service lirsgt stopped successfully!
Service lirsgt deleted successfully!
C:\Windows\System32\drivers\lirsgt.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86BED112-CFE1-4D22-BE45-637C306DD91A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86BED112-CFE1-4D22-BE45-637C306DD91A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_ptnrs=&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43&apn_dtid=OSJ000&&q=" removed from keyword.URL
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CNAP2 Launcher deleted successfully.
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Programme\AVG Secure Search\vprot.exe moved successfully.
C:\Users\Hilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk moved successfully.
C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ not found.
File D:\XA.EXE redirect.htm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ not found.
File F:\SETUP.EXE not found.
C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
C:\ProgramData\Ask\APN-Stub folder moved successfully.
C:\ProgramData\Ask folder moved successfully.
C:\ProgramData\ywbcinzvddorazu folder moved successfully.
C:\ProgramData\boxtbsxavutwzwc moved successfully.
C:\Program Files\AVG Secure Search\radio folder moved successfully.
C:\Program Files\AVG Secure Search\Licenses folder moved successfully.
C:\Program Files\AVG Secure Search\Chrome\icons folder moved successfully.
C:\Program Files\AVG Secure Search\Chrome folder moved successfully.
C:\Program Files\AVG Secure Search\12.1.0.21\radio folder moved successfully.
C:\Program Files\AVG Secure Search\12.1.0.21\Chrome\icons folder moved successfully.
C:\Program Files\AVG Secure Search\12.1.0.21\Chrome folder moved successfully.
C:\Program Files\AVG Secure Search\12.1.0.21 folder moved successfully.
C:\Program Files\AVG Secure Search folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
File\Folder C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe not found.
File\Folder C:\autoexec.bat not found.
File\Folder D:\XA.EXE redirect.htm not found.
File\Folder F:\SETUP.EXE not found.
File\Folder C:\ProgramData\boxtbsxavutwzwc not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Hilde\Desktop\cmd.bat deleted successfully.
C:\Users\Hilde\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hilde
->Temp folder emptied: 117037365 bytes
->Temporary Internet Files folder emptied: 94439481 bytes
->Java cache emptied: 259789698 bytes
->FireFox cache emptied: 82849065 bytes
->Google Chrome cache emptied: 116669806 bytes
->Flash cache emptied: 49335132 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11763212 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 698,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Hilde
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.1 log created on 07252012_164115

Files\Folders moved on Reboot...
C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\apiCAJ212RO.htm moved successfully.
C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\apiCAJ5QN1P.htm moved successfully.
C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\background-banner-middle-v9[3].jpg moved successfully.
C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\background-banner-right-v9[2].jpg moved successfully.
C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LGQ6C7Z\background_banner_7_de[1].jpg moved successfully.
C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LGQ6C7Z\button-flex-blue2[1].png moved successfully.
C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LGQ6C7Z\tick-blue[1].png moved successfully.

PendingFileRenameOperations files...
File C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\apiCAJ212RO.htm not found!
File C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\apiCAJ5QN1P.htm not found!
File C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\background-banner-middle-v9[3].jpg not found!
File C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNC3NLXV\background-banner-right-v9[2].jpg not found!
File C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LGQ6C7Z\background_banner_7_de[1].jpg not found!
File C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LGQ6C7Z\button-flex-blue2[1].png not found!
File C:\Users\Hilde\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LGQ6C7Z\tick-blue[1].png not found!

Registry entries deleted on Reboot...
         
Was mach ich jetzt? Oder wars das schon?
Liebe Grüße

Jetzt ist gerade ein neues Problem aufgetreten, ich habe ein update für Avast installiert und beim Neustart, ist ein Problem aufgetreten (er konnte nicht mehr hoch fahren), windows hat dann eine Systemwiederherstellung gemacht; jedoch weiß ich nicht von welchem Zeitpunkt, wurde mir nicht angezeigt.

Muss ich jetzt alle Schritte wiederholen? An sich ist es ja möglich, dass sich einiges geändert hat oder sehe ich das falsch?

Das hier ist total zum verzweifeln .

Danke für die Hilfe!
GLg FraHi

Edit: Avast startet jetzt auch nicht mehr .


Alt 31.07.2012, 12:54   #6
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?

Alt 31.07.2012, 14:45   #7
FraHi
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Hallo,
dankeschön, ich habe den Quick Scan wie beschrieben durchgeführt.

Hier wieder die OTL Logdatei:

Code:
ATTFilter
OTL logfile created on: 31.07.2012 14:00:58 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Hilde\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,07 Mb Total Physical Memory | 471,42 Mb Available Physical Memory | 46,12% Memory free
2,00 Gb Paging File | 1,09 Gb Available in Paging File | 54,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 47,32 Gb Free Space | 31,77% Space Free | Partition Type: NTFS
 
Computer Name: HILDE-PC | User Name: Hilde | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 13:03:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hilde\Desktop\OTL.exe
PRC - [2012.07.23 16:14:10 | 000,830,048 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.05.04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.10.09 07:23:32 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.27 20:10:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.23 16:14:10 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012.07.19 08:58:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.04.17 18:53:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 03:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.23 16:14:21 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.11.28 19:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 19:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 19:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 19:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 19:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.11.28 19:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 14:02:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.09.27 14:02:14 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.04.29 03:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007.03.07 16:28:42 | 000,167,424 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\aver7700.sys -- (aver7700)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.24 21:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005.11.14 13:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=hp
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 0E B4 C0 D2 AC CB 01  [binary data]
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111378&babsrc=SP_ss&mntrId=40517db30000000000000040d0a474c6
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{86BED112-CFE1-4D22-BE45-637C306DD91A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_ptnrs=&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43&apn_dtid=OSJ000&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.23 16:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 08:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.13 02:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.24 18:34:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 08:58:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.13 02:12:30 | 000,000,000 | ---D | M]
 
[2010.04.11 22:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Extensions
[2010.04.11 22:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.25 19:05:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hilde\AppData\Roaming\mozilla\Firefox\Profiles\l7lb6j5r.default\extensions
[2012.03.30 12:01:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hilde\AppData\Roaming\mozilla\Firefox\Profiles\l7lb6j5r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.25 19:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.25 19:42:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.19 08:58:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 14:58:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.23 16:13:54 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.03.19 14:58:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 14:58:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 14:58:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 14:58:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 14:58:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Codecv Class) - {815A7C14-BFD5-42E3-AF91-464085E0EEA4} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Hilde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hilde\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3530269C-7AD8-424E-8C18-4CFA33FECDF5}: DhcpNameServer = 192.168.100.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5B76002-FDDE-4FF1-8BEB-1F46BAF14A25}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell - "" = AutoRun
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell\AutoRun\command - "" = D:\XA.EXE redirect.htm
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell - "" = AutoRun
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 13:03:09 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Hilde\Desktop\OTL.exe
[2012.07.25 18:31:17 | 000,000,000 | ---D | C] -- C:\Avenger
[2012.07.25 17:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.07.25 16:41:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.25 00:49:21 | 000,100,864 | ---- | C] (GMER) -- C:\ugloipob.sys
[2012.07.23 17:53:40 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Roaming\Malwarebytes
[2012.07.23 17:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 17:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.23 17:52:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.23 17:52:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.23 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Local\AVG Secure Search
[2012.07.23 16:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.23 16:14:20 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.23 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.23 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.23 16:10:26 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Roaming\TuneUp Software
[2012.07.23 16:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.23 16:06:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.23 16:06:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.22 08:03:17 | 000,000,000 | -HSD | C] -- C:\found.025
[2012.07.13 10:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.07.10 07:32:11 | 000,000,000 | -HSD | C] -- C:\found.024
[2012.07.09 17:45:21 | 000,000,000 | ---D | C] -- C:\Users\Hilde\Desktop\eingescannte Unterlagen
[2012.07.08 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Hilde\Desktop\Hochzeitsvorbereitungen Jule und Thorsten
[2012.07.05 23:43:07 | 000,000,000 | -HSD | C] -- C:\found.023
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.31 14:09:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.31 13:03:38 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Hilde\Desktop\OTL.exe
[2012.07.31 10:10:33 | 000,017,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 10:10:33 | 000,017,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.31 10:02:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 10:02:47 | 803,786,752 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 11:13:52 | 000,027,043 | ---- | M] () -- C:\Users\Hilde\Desktop\Desktop.zip
[2012.07.25 00:49:21 | 000,100,864 | ---- | M] (GMER) -- C:\ugloipob.sys
[2012.07.25 00:20:11 | 000,000,000 | ---- | M] () -- C:\Users\Hilde\defogger_reenable
[2012.07.23 17:53:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.23 16:14:21 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.07.17 21:13:28 | 000,274,579 | ---- | M] () -- C:\Users\Hilde\Desktop\wohngeld_mietzuschuss.pdf
[2012.07.13 01:45:47 | 000,347,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.09 18:02:57 | 000,658,186 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 18:02:57 | 000,618,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 18:02:57 | 000,131,686 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 18:02:57 | 000,107,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.25 11:13:00 | 000,027,043 | ---- | C] () -- C:\Users\Hilde\Desktop\Desktop.zip
[2012.07.25 00:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Hilde\defogger_reenable
[2012.07.23 17:53:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 21:13:28 | 000,274,579 | ---- | C] () -- C:\Users\Hilde\Desktop\wohngeld_mietzuschuss.pdf
[2011.06.21 08:00:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.13 17:02:00 | 000,009,071 | ---- | C] () -- C:\Users\Hilde\.recently-used.xbel
[2010.12.11 18:13:53 | 000,001,459 | ---- | C] () -- C:\Users\Hilde\gsview32.ini
[2010.11.12 18:23:07 | 000,000,337 | ---- | C] () -- C:\Users\Hilde\AppData\Local\Perfmon.PerfmonCfg
[2010.09.27 14:02:16 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.27 14:02:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.09.21 00:17:17 | 000,034,693 | ---- | C] () -- C:\Windows\scunin.dat
[2010.08.22 13:27:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.03 01:37:11 | 000,001,604 | ---- | C] () -- C:\Users\Hilde\AppData\Roaming\gnuplot_history
 
========== LOP Check ==========
 
[2012.03.03 01:15:39 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Amazon
[2011.04.23 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Audacity
[2012.04.02 00:22:43 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Babylon
[2011.04.23 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.23 00:29:31 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\DynaGeo
[2010.04.17 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\ImgBurn
[2011.05.25 17:55:23 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\inkscape
[2010.11.21 01:05:37 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Miranda
[2010.04.15 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\OpenOffice.org
[2010.10.07 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\OriginLab
[2010.04.13 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\ScummVM
[2010.10.03 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\SumatraPDF
[2010.04.16 16:37:05 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\TeamViewer
[2010.04.11 22:22:24 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Thunderbird
[2012.07.23 16:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\TuneUp Software
[2010.09.27 14:11:10 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Ubisoft
[2012.07.04 11:06:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.25 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Adobe
[2012.03.03 01:15:39 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Amazon
[2011.04.23 19:12:45 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Audacity
[2012.04.02 00:22:43 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Babylon
[2011.10.15 05:35:34 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\dvdcss
[2011.04.23 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.23 00:29:31 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\DynaGeo
[2010.04.11 21:25:29 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Identities
[2010.04.17 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\ImgBurn
[2011.05.25 17:55:23 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\inkscape
[2012.07.25 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Macromedia
[2012.07.23 17:53:40 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Malwarebytes
[2011.05.23 01:48:34 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Mathematica
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Media Center Programs
[2011.06.16 17:53:21 | 000,000,000 | --SD | M] -- C:\Users\Hilde\AppData\Roaming\Microsoft
[2010.10.03 19:59:06 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\MiKTeX
[2010.11.21 01:05:37 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Miranda
[2010.04.11 21:29:04 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Mozilla
[2010.04.15 22:03:46 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\OpenOffice.org
[2010.10.07 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\OriginLab
[2010.04.13 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\ScummVM
[2012.07.25 18:53:18 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Skype
[2012.07.25 18:46:24 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\skypePM
[2010.10.03 20:17:38 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\SumatraPDF
[2010.04.16 16:37:05 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\TeamViewer
[2010.04.11 22:22:24 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Thunderbird
[2012.07.23 16:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\TuneUp Software
[2010.09.27 14:11:10 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Ubisoft
[2012.06.09 14:42:45 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.03.25 23:08:04 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Hilde\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\afm2afm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\authorindex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\autoinst.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\bdftops.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\bib2xhtml.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\bibhtml.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html1.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\biokey2html3.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\birm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\cmap2enc.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\config.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\csvtools.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dblatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbmxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dbxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\dumphint.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\eps2eps.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\escontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\eslatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\esmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\estex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\estexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\esxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\feynmf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\fig4latex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\findhyph.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixmswrd.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\fixwada2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2afm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\font2c.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsbj.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsdj500.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslj.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gslp.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsnd.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gsndt.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gssetgs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gst.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\gstt.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ht.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\htcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\htlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\htmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\httex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\httexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\htxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ibyhyph.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1context.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1latex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1mex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1tex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1texi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jh1xetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jhxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jkpexa.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jmxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jscontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jslatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jstexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\jsxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-fast.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-so.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff-vc.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexdiff.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexmk.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\latexrevise.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\lp386r2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpgs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\lpr2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeglossaries.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\makeuniwada.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\merge.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-taskbar-icon.exe
[2009.09.23 16:47:53 | 001,234,432 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update.exe
[2009.09.23 16:47:53 | 001,234,944 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\miktex-update_admin.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mk4ht.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mkt1font.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mztexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\mzxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\nts.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\oocontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\oolatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\oomex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ootexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ooxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\orderrefs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ot2kpx.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2dsc.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdf2ps.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfatfi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfcrop.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pdfopt.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pedigree.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\perltex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pf2afm.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfbtopfa.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pfm2kpx.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pftogsf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\plind.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pn2pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ascii.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2epsi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf12.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf13.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdf14.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2pdfxx.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps2ps2.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\ps4pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\pst2pdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\rcsinfo.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\showglyphs.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\splitindex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\svn-multi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teicontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teilatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teimxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teitexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\teixetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\texcount.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdiff.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\texdirflatten.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\texshow.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\thumbpdf.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\urlbst.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\uxhxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2ovp.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\vpl2vpl.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmakebat.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\wxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xdv2pdf_mergemarks.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmcontext.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmlatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmmex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhmxetex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhtexi.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxelatex.exe
[2009.10.03 20:02:05 | 000,022,528 | ---- | M] () -- C:\Users\Hilde\AppData\Roaming\MiKTeX\2.8\miktex\bin\xhxetex.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
<           >

< End of report >
         
LG

Alt 31.07.2012, 14:55   #8
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
PRC - [2012.07.23 16:14:10 | 000,830,048 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe 
PRC - [2012.05.04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe 
SRV - [2012.07.23 16:14:10 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5) 
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111378&babsrc=SP_ss&mntrId=40517db30000000000000040d0a474c6 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{86BED112-CFE1-4D22-BE45-637C306DD91A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=dsp&q={searchTerms} 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 
IE - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_ptnrs=&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43&apn_dtid=OSJ000&&q=" 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012.07.23 16:15:17 | 000,000,000 | ---D | M] 
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-3054361464-688899464-1391419043-1001\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) 
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.) 
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell - "" = AutoRun 
O33 - MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\Shell\AutoRun\command - "" = D:\XA.EXE redirect.htm 
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell - "" = AutoRun 
O33 - MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\Shell\AutoRun\command - "" = F:\SETUP.EXE 
NetSvcs: FastUserSwitchingCompatibility - File not found 
NetSvcs: Nla - File not found 
NetSvcs: Ntmssvc - File not found 
NetSvcs: NWCWorkstation - File not found 
NetSvcs: Nwsapagent - File not found 
NetSvcs: SRService - File not found 
NetSvcs: WmdmPmSp - File not found 
NetSvcs: LogonHours - File not found 
NetSvcs: PCAudit - File not found 
NetSvcs: helpsvc - File not found 
NetSvcs: uploadmgr - File not found 

[2012.07.23 16:06:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} 
[2012.07.23 16:06:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files 
[2012.03.19 14:58:10 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.03.19 14:58:10 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2012.03.19 14:58:10 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2012.03.19 14:58:10 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.03.19 14:58:10 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.03.19 14:58:10 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
[2012.07.23 16:13:54 | 000,003,752 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml 
[2012.07.23 16:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search 
[2012.07.23 16:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search 
 [2012.07.23 16:15:45 | 000,000,000 | ---D | C] -- C:\Users\Hilde\AppData\Local\AVG Secure Search 
[2012.07.13 10:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com 
[2012.07.31 14:09:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.04.02 00:22:43 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\Babylon 
[2012.07.25 18:46:24 | 000,000,000 | ---D | M] -- C:\Users\Hilde\AppData\Roaming\skypePM
:Files


D:\XA.EXE 

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 15:09   #9
FraHi
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Erledigt:

Code:
ATTFilter
All processes killed
========== OTL ==========
Process ToolbarUpdater.exe killed successfully!
No active process named Updater.exe was found!
Service vToolbarUpdater12.1.5 stopped successfully!
Service vToolbarUpdater12.1.5 deleted successfully!
C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{86BED112-CFE1-4D22-BE45-637C306DD91A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86BED112-CFE1-4D22-BE45-637C306DD91A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F253B74C-645E-4B8E-B4B9-D071BA7874F6&apn_ptnrs=&apn_sauid=0D097579-F55B-430D-8B4C-9132DFA89E43&apn_dtid=OSJ000&&q=" removed from keyword.URL
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3054361464-688899464-1391419043-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CNAP2 Launcher deleted successfully.
C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Programme\AVG Secure Search\vprot.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f0e8520-687e-11e1-8b98-da9d220af60f}\ not found.
File D:\XA.EXE redirect.htm not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ddefd00-c4df-11df-9caa-0040d0a474c6}\ not found.
File F:\SETUP.EXE not found.
FastUserSwitchingCompatibility removed from NetSvcs value successfully!
Nla removed from NetSvcs value successfully!
Ntmssvc removed from NetSvcs value successfully!
NWCWorkstation removed from NetSvcs value successfully!
Nwsapagent removed from NetSvcs value successfully!
SRService removed from NetSvcs value successfully!
WmdmPmSp removed from NetSvcs value successfully!
LogonHours removed from NetSvcs value successfully!
PCAudit removed from NetSvcs value successfully!
helpsvc removed from NetSvcs value successfully!
uploadmgr removed from NetSvcs value successfully!
C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
C:\ProgramData\Common Files folder moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
C:\Program Files\AVG Secure Search\12.1.0.21 folder moved successfully.
C:\Program Files\AVG Secure Search folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\DriverInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller\12.1.5 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
C:\Users\Hilde\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
C:\Users\Hilde\AppData\Local\AVG Secure Search\DNT folder moved successfully.
C:\Users\Hilde\AppData\Local\AVG Secure Search folder moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Users\Hilde\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Hilde\AppData\Roaming\skypePM folder moved successfully.
========== FILES ==========
File\Folder D:\XA.EXE not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Hilde\Desktop\cmd.bat deleted successfully.
C:\Users\Hilde\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hilde
->Temp folder emptied: 247871834 bytes
->Temporary Internet Files folder emptied: 38769215 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 101992752 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 141940 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2515252 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 373,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Hilde
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 07312012_150215

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000001311A078625B33EA4 not found!

PendingFileRenameOperations files...
[2009.07.14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) C:\Windows\System32\mctadmin.exe : MD5=BBA1A5B86134F496B926DDAF247DB871
File C:\Windows\temp\TMP00000001311A078625B33EA4 not found!

Registry entries deleted on Reboot...
         

Alt 31.07.2012, 15:29   #10
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Sehr gut!


1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 17:53   #11
FraHi
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Danke für deine schnelle Hilfe! Ihr seid echt super!

Vollscan mit MAM ergab keine Fehler/Viren und Co:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.30.08

Schutz: Aktiviert

31.07.2012 15:34:41
mbam-log-2012-07-31 (15-34-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335314
Laufzeit: 1 Stunde(n), 41 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ADW-Cleaner:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 17:50:25
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Hilde - HILDE-PC
# Running from : C:\Users\Hilde\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Hilde\AppData\Local\Babylon
Folder Found : C:\Users\Hilde\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Hilde\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Hilde\AppData\LocalLow\Conduit
Folder Found : C:\Users\Hilde\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Hilde\AppData\LocalLow\PriceGong
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=hp
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=nt

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Hilde\AppData\Roaming\Mozilla\Firefox\Profiles\l7lb6j5r.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=111378");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Found : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Found : user_pref("extensions.BabylonToolbar.id", "40517db30000000000000040d0a474c6");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15431");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastDP", 2);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.170:23:02");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 71909082);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.170:23:02");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111378");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "40517db30000000000000040d0a474c6");
Found : user_pref("extensions.BabylonToolbar_i.id", "40517db30000000000000040d0a474c6");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15431");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111378&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:23:02");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?affID=111378&babsr[...]
Found : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{for(i=0;i<5;i++){window.setTimeout([...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : {"bookmark_bar":{"show_on_all_tabs":true},"browser":{"check_default_browser":false,"ntp":{"promo_ima[...]

*************************

AdwCleaner[R1].txt - [11953 octets] - [31/07/2012 17:50:25]

########## EOF - C:\AdwCleaner[R1].txt - [12082 octets] ##########
         

Geändert von FraHi (31.07.2012 um 18:08 Uhr)

Alt 31.07.2012, 18:06   #12
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 31.07.2012, 20:58   #13
FraHi
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Einmal:
Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 07/31/2012 at 19:33:04
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Hilde - HILDE-PC
# Running from : C:\Users\Hilde\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Hilde\AppData\Local\Babylon
Folder Deleted : C:\Users\Hilde\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Hilde\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Hilde\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Hilde\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Hilde\AppData\LocalLow\PriceGong
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=hp --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={6AFAD66C-D621-4AF8-A3F8-B0FE834018BF}&mid=c287475fcad247d0ae6f78f6f08611f6-aedbff8af46d1f6351514d5e2801ba14325979f9&lang=de&ds=tt014&pr=sa&d=2012-07-23 16:14:29&v=12.1.0.21&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Hilde\AppData\Roaming\Mozilla\Firefox\Profiles\l7lb6j5r.default\prefs.js

C:\Users\Hilde\AppData\Roaming\Mozilla\Firefox\Profiles\l7lb6j5r.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111378");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 2);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "40517db30000000000000040d0a474c6");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15431");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 2);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.170:23:02");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "11.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 71909082);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.170:23:02");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111378");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "40517db30000000000000040d0a474c6");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "40517db30000000000000040d0a474c6");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15431");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=111378&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:23:02");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?affID=111378&babsr[...]
Deleted : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{for(i=0;i<5;i++){window.setTimeout([...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Hilde\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : {"bookmark_bar":{"show_on_all_tabs":true},"browser":{"check_default_browser":false,"ntp":{"promo_ima[...]

*************************

AdwCleaner[R1].txt - [12084 octets] - [31/07/2012 17:50:25]
AdwCleaner[S1].txt - [12473 octets] - [31/07/2012 19:33:04]

########## EOF - C:\AdwCleaner[S1].txt - [12602 octets] ##########
         

Zweimal:
Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 31.07.2012 19:43:48

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	31.07.2012 19:45:37


Gescannt	601315
Gefunden	0

Scan Ende:	31.07.2012 20:53:40
Scan Zeit:	1:08:03
         
Da scheinst du ganze Arbeit geleistet zu haben! Nichts mehr da !

Muss ich noch etwas machen?

Alt 31.07.2012, 23:27   #14
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.08.2012, 04:38   #15
t'john
/// Helfer-Team
 
Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Standard

Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?
anti, anti-malware, autostart, browser, codecv, datei, dateien, explorer, gelöscht, helper, infizierte, infizierte datei, logdatei, löschen, malwarebytes, microsoft, quarantäne, scan, security, software, speicher, strg, systemwiederherstellung, taskmanager, testversion, trojaner, version



Ähnliche Themen: Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?


  1. AVIRA hat den Trojaner TR/Matsnu.G in Quarantäne verschoben, reicht das aus? Ist das System wieder sicher?
    Log-Analyse und Auswertung - 13.11.2013 (5)
  2. Bundespolizei Trojaner - Weitere Schritte nach Systemwiederherstellung
    Log-Analyse und Auswertung - 04.06.2013 (18)
  3. Bundespolizei Trojaner - Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (2)
  4. Bundespolizei Trojaner - Systemwiederherstellung
    Log-Analyse und Auswertung - 16.10.2012 (1)
  5. Bundespolizei-Trojaner mit Windows-Systemwiederherstellung bearbeitet ?
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (32)
  6. Bundespolizei Trojaner: Systemwiederherstellung durchgeführt
    Log-Analyse und Auswertung - 20.09.2012 (47)
  7. Ich habe den Bundestrojaner und nach der Systemwiederherstellung kann ich den Laptop wieder benutzen, aber ist der Trojaner jetzt noch da?
    Log-Analyse und Auswertung - 30.08.2012 (12)
  8. Bundespolizei Virus / Trojaner vom 11.8. wirklich durch Systemwiederherstellung entfernt?
    Log-Analyse und Auswertung - 22.08.2012 (19)
  9. Bundespolizei Trojaner, Systemwiederherstellung danach Combofix, bitte um Auswertung
    Log-Analyse und Auswertung - 10.08.2012 (4)
  10. Bundespolizei-Trojaner - Systemwiederherstellung durchgeführt - Sytem sauber? logs inside
    Log-Analyse und Auswertung - 19.07.2012 (28)
  11. Laptop läuft langsam nach Bundespolizei-Trojaner trotz neuem System
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (1)
  12. Bundespolizei Trojaner - weg nach Systemwiederherstellung?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
  13. Bundespolizei Trojaner nach Systemwiederherstellung noch vorhanden?
    Log-Analyse und Auswertung - 06.03.2012 (19)
  14. Bundespolizei Trojaner Systemwiederherstellung und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 18.02.2012 (30)
  15. Ist mein Laptop wieder Trojaner(bka) frei nach systemwiederherstellung?
    Log-Analyse und Auswertung - 05.01.2012 (6)
  16. Bundespolizei-Trojaner nach Systemwiederherstellung
    Log-Analyse und Auswertung - 12.08.2011 (34)
  17. Spybot, Antiv, Systemwiederherstellung läuft nicht mehr
    Log-Analyse und Auswertung - 10.01.2010 (3)

Zum Thema Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? - Hallo ihr Lieben, kenne mich leider nicht so gut mit Trojanern/Viren und Co aus und deshalb wende ich mich an euch. Vor ein paar Tagen hat mich ein Bundespolizei-Trojaner erwischt, - Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das?...
Archiv
Du betrachtest: Bundespolizei-Trojaner; Systemwiederherstellung vom Vortag, Pc läuft wieder; reicht das? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.