http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme

M-K-D-B · 02.02.2013, 18:05

Servus,

erst auf "Wiederholen". Sollte das nicht helfen, "Ignorieren".

Dori21 · 02.02.2013, 18:07

ok danke

Hat funktioniert mit Wiederholen

Blöd, dass man als Laie leider nicht mal so einfache Sachen allein kann.. Aber Gott sei dank gibt es dich, den Spezialisten. Gg

M-K-D-B · 02.02.2013, 18:09

Servus,

Alles klar. Ich warte auf deine nächste Antwort.

Dori21 · 02.02.2013, 18:11

Kanns länger dauern? Der grüne Balken ist zwar weitergeladen worden, aber es steht jetzt eben bei dieser Datei.. Und es steht Zielverzeichnis und nicht dekomprimiere, wie bei den Dateien davor, die ich grad sehen kann??

...und ich habe extra darauf geachtet, dass ich nicht mit der Maus an dem Fenster ankomme, wie in der Anleitung vorgeschrieben. Es hat ja weitergeladen bis zu dieser Datei von der Warnung.. Falls du das denkst

M-K-D-B · 02.02.2013, 21:46

Servus,

Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern und führe ComboFix dort aus.

Dori21 · 03.02.2013, 08:27

Guten Morgen, in dem Menü "Erweiterte Startoptionen" steht an erster Stelle "Computer reparieren", das hab ich da noch nie gesehen

Anscheinendnidt er echt schon hinüber unser Patient gg

Ich bin jetzt noch im abgesicherten Modus

Hier die Logfiles

Code:

ATTFilter

Shortcut Cleaner 1.2.0 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Program started at: 02/02/2013 05:34:34 PM.

Searching C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

  * Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DeepBurner.lnk => C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192

  * Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk => C:\Program Files\ImgBurn\ImgBurn.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192

  * Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192

  * Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192

  * Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk => C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192

  * Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk => C:\Windows\System32\SnippingTool.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192

  * Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk => C:\Program Files\Windows Live\Messenger\msnmsgr.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192

Searching C:\Users\Public\Desktop\

Searching C:\Users\Celine\Desktop\


7 bad shortcuts found.

Program finished at: 02/02/2013 05:34:38 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

Code:

ATTFilter

 ComboFix 13-02-02.05 - Celine 03.02.2013   8:27:41.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3573.3050 [GMT 1:00]
ausgeführt von:: C:\Users\Celine\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: C:\Users\***\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\prefs.js
c:\program files\DownTangoFTbToolbar
c:\program files\DownTangoFTbToolbar\chrome\DownTangoFTbToolbar.crx
c:\program files\DownTangoFTbToolbar\InstallHelper.dll
c:\program files\DownTangoFTbToolbar\InstallHelperNet4.dll
c:\program files\DownTangoFTbToolbar\Interop.IWshRuntimeLibrary.dll
c:\program files\DownTangoFTbToolbar\search.ico
c:\program files\DownTangoFTbToolbar\setupicon.ico
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\chrome.manifest
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\chrome\DownTangoFTbToolbar_3192.jar
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\components\wtb_complete.js
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\install.js
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\install.rdf
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\pop.htm
c:\program files\DownTangoFTbToolbar\System.Data.SQLite.dll
c:\program files\DownTangoFTbToolbar\ToolbarUninstall.exe
c:\program files\DownTangoFTbToolbar\unins000.dat
c:\program files\DownTangoFTbToolbar\unins000.exe
c:\users\***\AppData\Local\DownTango
c:\users\***\AppData\Roaming\DownTangoFTbToolbar
c:\users\***\AppData\Roaming\DownTangoFTbToolbar\DownTangoFTbToolbar.dll
C:\Windows\system32\DEBUG.log
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\muzapp.exe
C:\Windows\wininit.ini

Die Combofix Logdatei war nicht direkt im C:/ sondern im Ordner Combofix (laut Datum und Zeit aber die aktuelle und sag mir bitte, ob ich wieder normal starten soll/kann, Danke

M-K-D-B · 03.02.2013, 10:37

Servus,

du kannst deinen Rechner wieder normal starten.

Gibt es noch Probleme mit "search.certified-toolbar" oder andere Probleme, die auf Malware hindeuten?

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Dori21 · 03.02.2013, 13:04

Meine Schutzprogramme sind jetzt durchgelaufen und beim Malware Antirebytes ist der PC plötzlich abgestürzt. Es gab zum Auswählen der Partitionen Windows Vista, hab ich ausgesucht und dann war wieder zum auswählen ob abgesicherter Modus oder nicht. Jetzt lass ich die Programme nochmal in dem Modus durchlaufen. Es kam auch eine Meldung, dass der PC unerwartet heruntergefahren wurde und wenn es eine Lösung gibt, ich Bescheid bekomme.

M-K-D-B · 03.02.2013, 13:39

Servus,

Zitat:

Zitat von Dori21

Meine Schutzprogramme sind jetzt durchgelaufen und beim Malware Antirebytes ist der PC plötzlich abgestürzt. Es gab zum Auswählen der Partitionen Windows Vista, hab ich ausgesucht und dann war wieder zum auswählen ob abgesicherter Modus oder nicht. Jetzt lass ich die Programme nochmal in dem Modus durchlaufen. Es kam auch eine Meldung, dass der PC unerwartet heruntergefahren wurde und wenn es eine Lösung gibt, ich Bescheid bekomme.

möchtest du die Bereinigung nun zu Ende machen oder nicht?

Wenn ja, führe OTL wie beschrieben aus.
Wenn nicht und du selber "rumdokern" willst, dann können wir das Thema hier ja zu machen.

Dori21 · 03.02.2013, 14:50

Hallo, ja natürlich möchte ich die Bereinigung zu Ende machen. Meine Antivirusprogramme starten von alleine, nach einer gewissen Zeit. Ich habe die Programme nicht mehr im abgesicherten Modus laufen lassen, und OTL habe ich heute gleich, nachdem du mir geschrieben hattest durchlaufen lassen, UND gepostet, aber wie man sieht, hat es nicht funktioniert. vlt weil ich es im abgesicherten Modus gemacht habe.. anbei das Logfile:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.02.2013 11:11:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 61,28% Memory free
7,16 Gb Paging File | 5,95 Gb Available in Paging File | 83,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 1,09 Gb Free Space | 1,87% Space Free | Partition Type: NTFS
Drive E: | 863,15 Gb Total Space | 653,51 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010.11.30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010.11.30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.01.26 16:13:58 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010.10.20 10:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- E:\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.03.25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- E:\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.01.21 03:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Celine\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.01.16 06:21:31 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130202.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 06:21:31 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130202.007\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.22 08:08:02 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20130201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 06:40:52 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 06:40:52 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.04.16 19:26:52 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.11 22:22:56 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.03.11 22:22:56 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.17 16:45:56 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.30 08:46:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010.11.30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010.05.28 10:19:00 | 000,065,382 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2010.02.04 14:37:43 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.08.28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.15 08:19:00 | 007,740,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.02 12:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 BF 19 36 73 C6 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012.12.18 10:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2013.02.03 10:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.31 11:19:15 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.02.03 08:36:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A6CA5B-9E48-4C06-ABC8-62BDA031B5E8}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E5639C9-D609-4797-9561-46F0D3F68116}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992CF479-A5B9-4C78-9B56-3BA2BF399FC1}: DhcpNameServer = 213.162.69.169 213.162.65.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 09:05:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.02.03 08:25:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.02 17:31:55 | 000,384,928 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Celine\Desktop\sc-cleaner.exe
[2013.02.02 11:03:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.02 11:03:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.02 11:03:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 20:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 20:58:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.28 20:49:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.01.28 20:46:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.01.28 20:17:06 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.24 13:57:29 | 000,033,616 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013.01.24 12:12:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Celine\Desktop\OTL.exe
[2013.01.23 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.23 14:30:17 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.01.23 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.23 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.01.23 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.01.23 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.01.23 14:11:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.22 14:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
[2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2013.01.17 11:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013.01.06 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HandBrake
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 11:02:41 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.03 10:07:48 | 000,674,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.03 10:07:48 | 000,634,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.03 10:07:48 | 000,145,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.03 10:07:48 | 000,119,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.03 10:01:32 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 10:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 09:58:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.03 08:36:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.02 19:12:05 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2013.02.02 17:32:50 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.02 17:31:56 | 000,384,928 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\sc-cleaner.exe
[2013.02.01 08:13:05 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.30 08:57:47 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.28 20:02:09 | 000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.24 15:16:43 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.24 12:22:57 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.23 14:36:50 | 000,444,863 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130123-143840.backup
[2013.01.23 14:30:22 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.22 15:30:06 | 000,002,272 | ---- | M] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.20 17:56:07 | 000,002,096 | ---- | M] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | M] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | M] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:18 | 000,002,808 | ---- | M] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:18 | 000,002,800 | ---- | M] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:36 | 000,002,592 | ---- | M] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:18 | 000,002,152 | ---- | M] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:31 | 000,002,272 | ---- | M] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.12 20:23:40 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
[2013.01.10 22:24:39 | 000,002,480 | ---- | M] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:26 | 000,002,488 | ---- | M] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:58 | 000,002,112 | ---- | M] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:13 | 000,002,224 | ---- | M] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | M] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:05 | 000,002,584 | ---- | M] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.10 19:13:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 18:38:57 | 000,394,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 22:07:37 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 20:20:27 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Handbrake.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.02 11:03:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.02 11:03:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.02 11:03:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.02 11:03:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.28 20:02:09 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.24 15:16:43 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.24 12:22:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.23 14:31:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 14:31:04 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 14:31:02 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 14:30:22 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.23 14:30:22 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.22 15:30:03 | 000,002,272 | ---- | C] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.22 14:35:12 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.01.20 17:56:07 | 000,002,096 | ---- | C] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | C] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | C] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:17 | 000,002,808 | ---- | C] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:16 | 000,002,800 | ---- | C] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:33 | 000,002,592 | ---- | C] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:16 | 000,002,152 | ---- | C] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:29 | 000,002,272 | ---- | C] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.10 22:24:38 | 000,002,480 | ---- | C] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:25 | 000,002,488 | ---- | C] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:55 | 000,002,112 | ---- | C] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:09 | 000,002,224 | ---- | C] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | C] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:00 | 000,002,584 | ---- | C] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.06 20:20:25 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Handbrake.lnk
[2012.12.17 15:11:09 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.11.15 13:11:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.11.15 13:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.09.27 18:06:21 | 000,000,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.06.27 20:54:11 | 000,119,410 | ---- | C] () -- C:\Windows\hpqins00.dat
[2012.05.22 18:12:12 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.04.15 19:31:16 | 000,145,696 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2012.04.15 19:31:16 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Services
[2012.03.24 08:20:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Schema
[2012.03.24 08:20:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\SupportPrinters
[2012.03.24 08:20:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.03.11 11:44:22 | 000,000,498 | ---- | C] () -- C:\Users\***\AppData\Roaming\DELTAUserMetrics.osl
[2012.01.22 19:16:43 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.22 19:16:43 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.22 19:16:43 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.22 19:16:43 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2011.06.09 20:21:08 | 001,206,784 | -HS- | C] () -- C:\Users\***\ehthumbs_vista.db
[2011.04.22 17:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.22 17:31:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.10.10 14:24:06 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc
[2009.10.10 07:11:52 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.05.13 19:25:41 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.04.04 19:51:52 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.04.01 15:53:18 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.30 10:38:09 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.24 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.12.26 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING
[2012.04.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2009.05.15 19:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2011.02.27 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitZipper
[2012.11.15 09:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.30 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.04.18 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2013.01.02 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.08.10 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ebner
[2012.03.31 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronic Arts
[2009.09.28 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2012.10.08 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fisher-Price
[2013.01.01 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2012.11.15 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2011.10.04 07:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2013.01.06 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.01.05 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEROLD Business Data
[2011.10.14 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.03.13 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2009.05.13 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.11.23 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.03.03 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.04.12 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2012.03.24 08:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2009.04.12 08:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Novosoft
[2012.07.12 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuclear Coffee
[2009.03.30 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.04.18 08:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2010.10.10 14:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.12.26 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2009.10.10 07:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.04 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2010.07.25 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2010.02.18 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2011.05.01 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2009.06.21 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D
[2011.06.17 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.31 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza
[2011.04.17 11:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod
[2012.11.02 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2010.11.04 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.09.02 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StoneLoopsCT
[2010.10.16 22:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2010.11.24 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.01.23 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.03.19 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2011.10.05 10:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 16 bytes -> C:\Users\***\Downloads:Shareaza.GUID
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D0894A08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---

Und ich möchte nicht selbst rumdoktern, ich habe dir sogar noch weitere Fragen gestellt. Ich habe geantwortet, dass das Cerifield Toolbar weg ist, genauso Ask Toolbar, Down Tango usw.

Meine Frage war was mit Samsung Kies und HPSupply ist, weil das noch in der Systemsteuerung ist und ich sonst keine weiteren Probleme in der Art habe.

Meine zweite Frage war, warum der Flashpalyer nicht mehr geht, obwohl die aktuellste Version auf dem PC ist...

Hallo, ja natürlich möchte ich die Bereinigung zu Ende machen. Meine Antivirusprogramme starten von alleine, nach einer gewissen Zeit. Ich habe die Programme nicht mehr im abgesicherten Modus laufen lassen, und OTL habe ich heute gleich, nachdem du mir geschrieben hattest durchlaufen lassen, UND gepostet, aber wie man sieht, hat es nicht funktioniert. vlt weil ich es im abgesicherten Modus gemacht habe.. anbei das Logfile:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.02.2013 11:11:15 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 61,28% Memory free
7,16 Gb Paging File | 5,95 Gb Available in Paging File | 83,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 1,09 Gb Free Space | 1,87% Space Free | Partition Type: NTFS
Drive E: | 863,15 Gb Total Space | 653,51 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010.11.30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010.11.30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.01.26 16:13:58 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010.10.20 10:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- E:\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.03.25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- E:\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.01.21 03:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Celine\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.01.16 06:21:31 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130202.007\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 06:21:31 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130202.007\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.22 08:08:02 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20130201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 06:40:52 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 06:40:52 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.04.16 19:26:52 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.11 22:22:56 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.03.11 22:22:56 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.17 16:45:56 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.30 08:46:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010.11.30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010.05.28 10:19:00 | 000,065,382 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2010.02.04 14:37:43 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.08.28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.15 08:19:00 | 007,740,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.02 12:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 BF 19 36 73 C6 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012.12.18 10:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2013.02.03 10:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.31 11:19:15 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.02.03 08:36:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A6CA5B-9E48-4C06-ABC8-62BDA031B5E8}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E5639C9-D609-4797-9561-46F0D3F68116}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992CF479-A5B9-4C78-9B56-3BA2BF399FC1}: DhcpNameServer = 213.162.69.169 213.162.65.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 09:05:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.02.03 08:25:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.02 17:31:55 | 000,384,928 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Celine\Desktop\sc-cleaner.exe
[2013.02.02 11:03:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.02 11:03:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.02 11:03:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 20:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 20:58:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.28 20:49:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.01.28 20:46:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.01.28 20:17:06 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.24 13:57:29 | 000,033,616 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013.01.24 12:12:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Celine\Desktop\OTL.exe
[2013.01.23 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.23 14:30:17 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.01.23 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.23 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.01.23 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.01.23 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.01.23 14:11:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.22 14:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
[2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2013.01.17 11:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013.01.06 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HandBrake
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 11:02:41 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.03 10:07:48 | 000,674,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.03 10:07:48 | 000,634,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.03 10:07:48 | 000,145,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.03 10:07:48 | 000,119,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.03 10:01:32 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 10:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 09:58:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.03 08:36:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.02 19:12:05 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2013.02.02 17:32:50 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.02 17:31:56 | 000,384,928 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\sc-cleaner.exe
[2013.02.01 08:13:05 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.30 08:57:47 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.28 20:02:09 | 000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.24 15:16:43 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.24 12:22:57 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.23 14:36:50 | 000,444,863 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130123-143840.backup
[2013.01.23 14:30:22 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.22 15:30:06 | 000,002,272 | ---- | M] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.20 17:56:07 | 000,002,096 | ---- | M] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | M] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | M] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:18 | 000,002,808 | ---- | M] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:18 | 000,002,800 | ---- | M] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:36 | 000,002,592 | ---- | M] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:18 | 000,002,152 | ---- | M] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:31 | 000,002,272 | ---- | M] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.12 20:23:40 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
[2013.01.10 22:24:39 | 000,002,480 | ---- | M] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:26 | 000,002,488 | ---- | M] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:58 | 000,002,112 | ---- | M] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:13 | 000,002,224 | ---- | M] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | M] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:05 | 000,002,584 | ---- | M] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.10 19:13:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 18:38:57 | 000,394,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 22:07:37 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 20:20:27 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Handbrake.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.02 11:03:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.02 11:03:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.02 11:03:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.02 11:03:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.28 20:02:09 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.24 15:16:43 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.24 12:22:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.23 14:31:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 14:31:04 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 14:31:02 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 14:30:22 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.23 14:30:22 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.22 15:30:03 | 000,002,272 | ---- | C] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.22 14:35:12 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.01.20 17:56:07 | 000,002,096 | ---- | C] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | C] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | C] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:17 | 000,002,808 | ---- | C] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:16 | 000,002,800 | ---- | C] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:33 | 000,002,592 | ---- | C] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:16 | 000,002,152 | ---- | C] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:29 | 000,002,272 | ---- | C] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.10 22:24:38 | 000,002,480 | ---- | C] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:25 | 000,002,488 | ---- | C] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:55 | 000,002,112 | ---- | C] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:09 | 000,002,224 | ---- | C] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | C] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:00 | 000,002,584 | ---- | C] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.06 20:20:25 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Handbrake.lnk
[2012.12.17 15:11:09 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.11.15 13:11:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.11.15 13:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.09.27 18:06:21 | 000,000,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.06.27 20:54:11 | 000,119,410 | ---- | C] () -- C:\Windows\hpqins00.dat
[2012.05.22 18:12:12 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.04.15 19:31:16 | 000,145,696 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2012.04.15 19:31:16 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Services
[2012.03.24 08:20:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Schema
[2012.03.24 08:20:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\SupportPrinters
[2012.03.24 08:20:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.03.11 11:44:22 | 000,000,498 | ---- | C] () -- C:\Users\***\AppData\Roaming\DELTAUserMetrics.osl
[2012.01.22 19:16:43 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.22 19:16:43 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.22 19:16:43 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.22 19:16:43 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2011.06.09 20:21:08 | 001,206,784 | -HS- | C] () -- C:\Users\***\ehthumbs_vista.db
[2011.04.22 17:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.22 17:31:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.10.10 14:24:06 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc
[2009.10.10 07:11:52 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.05.13 19:25:41 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.04.04 19:51:52 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.04.01 15:53:18 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.30 10:38:09 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.24 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.12.26 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING
[2012.04.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2009.05.15 19:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2011.02.27 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitZipper
[2012.11.15 09:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.30 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.04.18 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2013.01.02 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.08.10 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ebner
[2012.03.31 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronic Arts
[2009.09.28 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2012.10.08 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fisher-Price
[2013.01.01 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2012.11.15 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2011.10.04 07:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2013.01.06 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.01.05 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEROLD Business Data
[2011.10.14 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.03.13 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2009.05.13 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.11.23 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.03.03 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.04.12 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2012.03.24 08:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2009.04.12 08:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Novosoft
[2012.07.12 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuclear Coffee
[2009.03.30 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.04.18 08:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2010.10.10 14:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.12.26 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2009.10.10 07:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.04 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2010.07.25 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2010.02.18 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2011.05.01 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2009.06.21 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D
[2011.06.17 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.31 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza
[2011.04.17 11:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod
[2012.11.02 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2010.11.04 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.09.02 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StoneLoopsCT
[2010.10.16 22:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2010.11.24 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.01.23 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.03.19 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2011.10.05 10:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 16 bytes -> C:\Users\***\Downloads:Shareaza.GUID
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D0894A08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---

Und ich möchte nicht selbst rumdoktern, ich habe dir sogar noch weitere Fragen gestellt. Ich habe geantwortet, dass das Cerifield Toolbar weg ist, genauso Ask Toolbar, Down Tango usw.

Meine Frage war was mit Samsung Kies und HPSupply ist, weil das noch in der Systemsteuerung ist und ich sonst keine weiteren Probleme in der Art habe.

Meine zweite Frage war, warum der Flashpalyer nicht mehr geht, obwohl die aktuellste Version auf dem PC ist...

Schau das ist doch ein "Ka***".. Jetzt ist es dafür gleich wieder 2x gepostet, ich verstehe nicht, warum das immer hängt und spinnt

Ich drücke nur 1x auf Antworten, warte ob man es sieht und wenn nicht, dann erst ein 2x.

Das einzige was sonst noch auftritt ist, dass ich nur durch aktualisieren der Seite sehe, dass ich eingeloggt bin..

Das ist halt auch ziemlich nervig, dass die Seite nicht normal ladet nachdem ich meine Zugansdaten eingegeben habe!

M-K-D-B · 04.02.2013, 09:05

Servus,

Zitat:

eine Frage war was mit Samsung Kies und HPSupply ist, weil das noch in der Systemsteuerung ist und ich sonst keine weiteren Probleme in der Art habe.

Diese Software ist nicht schädlich. Wenn du dir sicher bist, dass du sie nicht mehr benötigst, kannst du sie auch deinstallieren.

Zitat:

Meine zweite Frage war, warum der Flashpalyer nicht mehr geht, obwohl die aktuellste Version auf dem PC ist...

OTL zeigt den Flash Player in Firefox z. B. nicht an. Daher solltest du die aktuelle Version einfach nochmal installieren.

Warum du solche Probleme mit dem Forum hier hast, ist schon etwas komisch.

Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.

Schritt 2

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2013.01.22 14:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
[2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2012.12.26 17:40:08 | 000,000,000 | ---D | M] -- %appdata%\APP_NAME_NON_STRING
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D0894A08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:commands
[Emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 3

Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 4

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 5
Deine Version von Adobe Flash Player ist veraltet.
Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:

Bitte besuche diese Seite von Adobe.
Wähle dein Betriebssystem und deinen Internetbrowser ("Internet Explorer" oder "other" für Firefox zum Beispiel)
Deaktiviere gegebenenfalls den Haken vor Google Chrome bzw. McAfee Security Scan.
Installiere die neuste Version auf deinem Computer.

Schritt 6
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Dori21 · 04.02.2013, 15:48

Hallo, die zwei Softwareprogramme lassen sich nicht deinstallieren, das ist ja das Problem

Ich habe sie schon mehrmals deinstalliert, beim Samsung Kies zb. stand auch "Deinstallation erfolgreich", beim HPPSupply kommt immer eine Fehlermeldung von vornherein

CCleaner ist brav deinstalliert

(Dieser hatte sich sowieso von alleine geschlossen beim letzten mal, als ich eine Reinigung starten wollte)

Ich habe über die Adobeseite (auf deinem Link und nach deiner Anleitung) den Flashplayer 11runtergeladen, allerdings habe ich den schon vorher 3x runtergeladen und installiert (deswegen habe ich ja gesagt, dass ich die aktuellste Version habe-->Systemsteuerung im Anhang)

ABER:
Er geht allerdings noch immer nicht!

Beispiel: In Facebook spiele ich "Candy Crush Saga".. seit das mit dem Certified Toolbar war, schrieb dort die Seite, dass ich eine neuere Version vom Flashplayer benötige, dort habe ich dann immer die aktuelle runtergeladen, aber wie gesagt, Deinstallation wurde als erfolgreich angezeigt, aber es funktionierte trotzdem nie und davor schon, und das ohne Probleme

Hier die Logfiles:

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango folder moved successfully.
C:\Program Files\Red Sky folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING\Logs folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING folder moved successfully.
ADS C:\ProgramData\TEMP:D3A96964 deleted successfully.
ADS C:\ProgramData\TEMP:D287FACF deleted successfully.
ADS C:\ProgramData\TEMP:D0894A08 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: ***
->Temp folder emptied: 1752490 bytes
->Temporary Internet Files folder emptied: 5988699 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 291 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx5
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1279639 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2214 bytes
RecycleBin emptied: 930639149 bytes
 
Total Files Cleaned = 896,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_103834

Files\Folders moved on Reboot...
File move failed. C:\Windows\SE2E046BA.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***: *** [Administrator]

04.02.2013 10:47:02
mbam-log-2013-02-04 (10-47-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350754
Laufzeit: 6 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Dori21 · 04.02.2013, 15:49

Hallo, die zwei Softwareprogramme lassen sich nicht deinstallieren, das ist ja das Problem

Ich habe sie schon mehrmals deinstalliert, beim Samsung Kies zb. stand auch "Deinstallation erfolgreich", beim HPPSupply kommt immer eine Fehlermeldung von vornherein

CCleaner ist brav deinstalliert

(Dieser hatte sich sowieso von alleine geschlossen beim letzten mal, als ich eine Reinigung starten wollte)

Ich habe über die Adobeseite (auf deinem Link und nach deiner Anleitung) den Flashplayer 11runtergeladen, allerdings habe ich den schon vorher 3x runtergeladen und installiert (deswegen habe ich ja gesagt, dass ich die aktuellste Version habe-->Systemsteuerung im Anhang)

ABER:
Er geht allerdings noch immer nicht!

Beispiel: In Facebook spiele ich "Candy Crush Saga".. seit das mit dem Certified Toolbar war, schrieb dort die Seite, dass ich eine neuere Version vom Flashplayer benötige, dort habe ich dann immer die aktuelle runtergeladen, aber wie gesagt, Deinstallation wurde als erfolgreich angezeigt, aber es funktionierte trotzdem nie und davor schon, und das ohne Probleme

Hier die Logfiles:

Code:

ATTFilter

 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango folder moved successfully.
C:\Program Files\Red Sky folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING\Logs folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING folder moved successfully.
ADS C:\ProgramData\TEMP:D3A96964 deleted successfully.
ADS C:\ProgramData\TEMP:D287FACF deleted successfully.
ADS C:\ProgramData\TEMP:D0894A08 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: ***
->Temp folder emptied: 1752490 bytes
->Temporary Internet Files folder emptied: 5988699 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 291 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Mcx5
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1279639 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2214 bytes
RecycleBin emptied: 930639149 bytes
 
Total Files Cleaned = 896,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_103834

Files\Folders moved on Reboot...
File move failed. C:\Windows\SE2E046BA.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***: *** [Administrator]

04.02.2013 10:47:02
mbam-log-2013-02-04 (10-47-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350754
Laufzeit: 6 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=6e59c09851f7bd4e9dc3653542408a1f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-04 12:27:12
# local_time=2013-02-04 01:27:12 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 99 2259746 122577417 0 0
# compatibility_mode=5892 16776638 100 100 202032 197513560 0 0
# scanned=212391
# found=3
# cleaned=0
# scan_time=8008
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger29.zip	Win32/Bagle.gen.zip worm	ADE3F8BBD426EDEF05050E88C533E5587923E9D9	I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger29.zip	Win32/Bagle.gen.zip worm	ADE3F8BBD426EDEF05050E88C533E5587923E9D9	I
M:\Schule\Hira USBSTICK\autorun.inf	INF/Autorun worm	C4D445BF1D58420B488BEE1B98D5430C96B03BF9	I

Code:

ATTFilter

  Results of screen317's Security Check version 0.99.57  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 Java 7 Update 7  
 Java(TM) SE Development Kit 6 Update 13 
 Java DB 10.4.1.3   
 Java version out of Date! 
 Adobe Reader 9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Hi, es ist jetzt schon zum 3x passiert, dass diese Seite hier, nachdem ich etwas gepostet habe ständig "geflackert" hat, als würds hängen und wieder versuchen sich aufzubauen..

Könntest du mir einen Gefallen tun? Kann man jeden doppelten Post löschen? Ich kann ja das leider nicht

Mich stört das ur, hoffe, dass das geht!

Danke lg

M-K-D-B · 04.02.2013, 17:34

Servus,

vielen Dank für deine Erläuterungen, jetzt verstehe ich dich besser.

Und dank deines Screenshots kann ich dir sagen, dass du zwar den Flash Player für den Internet Explorer installiert hast, aber nicht für Firefox:
Adobe Flash Player 11 Active X <<--- Das ist für den Internet Explorer

Du hast dir anscheinend nur immer den Flash Player für den Internet Explorer heruntergeladen, nicht aber für Firefox, kann das sein?

Ich hab da mal eine Frage: Was ist Laufwerk M? Ein USB-Stick, oder?

Zitat:

M:\Schule\Hira USBSTICK\autorun.inf

Der Stick ist infiziert.

Wenn wir Pech haben, hast du damit deinen Rechner wieder infiziert...

Schließe deinen USB-Stick an den Rechner an. Vergewissere dich unter Start > Computer, dass der Stick als Laufwerk M erkannt wird, sonst wird der Fix nicht funktionieren:

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:files
M:\Schule\Hira USBSTICK\autorun.inf

:Commands
[reboot]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Anschließend nochmal ein OTL-Scan:

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Dori21 · 04.02.2013, 21:06

Hi. Bei deiner letzten Anleitung stand, dass ich alle externen Festplatten (M ist eine externe) und USB Sticks anstecken soll, das habe ich getan.. Tut mir leid, falls jetzt wieder Viren drauf sind.

Ich verwende NUR den Internet Explorer, ich mag den Firefox nicht. Brauche ich das extra dort auch den Flashplayer? Bis jetzt habe ich auf das nie geachtet, bzw. wusste es nicht.

Hier die Files:

Code:

ATTFilter

 ========== FILES ==========
M:\Schule\Hira USBSTICK\autorun.inf moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_193327

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.02.2013 19:42:30 - Run 4***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 64,77% Memory free
7,16 Gb Paging File | 6,15 Gb Available in Paging File | 85,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 0,92 Gb Free Space | 1,58% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 0,59 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive E: | 863,15 Gb Total Space | 653,51 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
Drive K: | 7,39 Gb Total Space | 7,39 Gb Free Space | 99,88% Space Free | Partition Type: FAT32
Drive L: | 29,80 Gb Total Space | 4,30 Gb Free Space | 14,42% Space Free | Partition Type: FAT32
Drive M: | 931,51 Gb Total Space | 0,02 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\***\Celine\Desktop\OTL.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010.11.30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010.11.30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.02.04 14:45:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010.10.20 10:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- E:\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.03.25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- E:\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.01.21 03:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.01.16 06:21:31 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130204.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 06:21:31 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130204.004\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.22 08:08:02 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20130201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 06:40:52 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 06:40:52 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.04.16 19:26:52 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.11 22:22:56 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.03.11 22:22:56 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.17 16:45:56 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.30 08:46:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010.11.30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010.05.28 10:19:00 | 000,065,382 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2010.02.04 14:37:43 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.08.28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.15 08:19:00 | 007,740,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.02 12:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 BF 19 36 73 C6 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012.12.18 10:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2013.02.04 19:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.31 11:19:15 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2013.02.03 08:36:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A6CA5B-9E48-4C06-ABC8-62BDA031B5E8}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E5639C9-D609-4797-9561-46F0D3F68116}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992CF479-A5B9-4C78-9B56-3BA2BF399FC1}: DhcpNameServer = 213.162.69.169 213.162.65.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.31 09:35:30 | 000,000,102 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.08.04 18:13:52 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 11:10:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2013.02.04 10:38:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.03 09:05:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp
[2013.02.03 08:25:20 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.02.02 17:31:55 | 000,384,928 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Celine\Desktop\sc-cleaner.exe
[2013.02.02 11:03:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.02 11:03:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.02 11:03:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.28 20:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.28 20:58:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.28 20:49:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.01.28 20:46:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.01.28 20:17:06 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.24 13:57:29 | 000,033,616 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys
[2013.01.24 12:12:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.23 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.23 14:30:17 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.01.23 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.23 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.01.23 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.01.23 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.01.23 14:11:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.17 11:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013.01.06 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HandBrake
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 19:43:46 | 000,674,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.04 19:43:46 | 000,634,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.04 19:43:46 | 000,145,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.04 19:43:46 | 000,119,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.04 19:38:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 19:38:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 19:37:08 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.04 19:37:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.02.04 19:36:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 19:33:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.04 19:28:00 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2013.02.04 19:10:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 15:38:20 | 000,194,756 | ---- | M] () -- C:\Users\***\Desktop\Systemsteuerung.jpg
[2013.02.04 14:45:08 | 000,881,914 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2013.02.04 11:10:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2013.02.03 20:12:07 | 000,001,968 | ---- | M] () -- C:\{02077D6C-6EC6-4C0D-AA47-A45313B50F93}
[2013.02.03 12:52:43 | 524,283,061 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.03 08:36:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.02 17:32:50 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.02.02 17:31:56 | 000,384,928 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Celine\Desktop\sc-cleaner.exe
[2013.02.01 08:13:05 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.30 08:57:47 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.28 20:02:09 | 000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.24 15:16:43 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.24 12:22:57 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.23 14:36:50 | 000,444,863 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130123-143840.backup
[2013.01.23 14:30:22 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.22 15:30:06 | 000,002,272 | ---- | M] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.20 17:56:07 | 000,002,096 | ---- | M] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | M] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | M] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:18 | 000,002,808 | ---- | M] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:18 | 000,002,800 | ---- | M] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:36 | 000,002,592 | ---- | M] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:18 | 000,002,152 | ---- | M] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:31 | 000,002,272 | ---- | M] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.12 20:23:40 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
[2013.01.10 22:24:39 | 000,002,480 | ---- | M] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:26 | 000,002,488 | ---- | M] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:58 | 000,002,112 | ---- | M] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:13 | 000,002,224 | ---- | M] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | M] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:05 | 000,002,584 | ---- | M] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.10 19:13:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 18:38:57 | 000,394,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 22:07:37 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 20:20:27 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Handbrake.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.04 15:38:20 | 000,194,756 | ---- | C] () -- C:\Users\***\Desktop\Systemsteuerung.jpg
[2013.02.04 14:45:08 | 000,881,914 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2013.02.03 20:12:06 | 000,001,968 | ---- | C] () -- C:\{02077D6C-6EC6-4C0D-AA47-A45313B50F93}
[2013.02.03 12:52:43 | 524,283,061 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.02 11:03:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.02 11:03:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.02 11:03:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.02 11:03:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.28 20:02:09 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.24 15:16:43 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.24 12:22:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.23 14:31:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 14:31:04 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 14:31:02 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 14:30:22 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.23 14:30:22 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.22 15:30:03 | 000,002,272 | ---- | C] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.22 14:35:12 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.01.20 17:56:07 | 000,002,096 | ---- | C] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | C] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | C] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:17 | 000,002,808 | ---- | C] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:16 | 000,002,800 | ---- | C] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:33 | 000,002,592 | ---- | C] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:16 | 000,002,152 | ---- | C] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:29 | 000,002,272 | ---- | C] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.10 22:24:38 | 000,002,480 | ---- | C] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:25 | 000,002,488 | ---- | C] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:55 | 000,002,112 | ---- | C] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:09 | 000,002,224 | ---- | C] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | C] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:00 | 000,002,584 | ---- | C] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.06 20:20:25 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Handbrake.lnk
[2012.12.17 15:11:09 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.11.15 13:11:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.11.15 13:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.09.27 18:06:21 | 000,000,005 | ---- | C] () -- C:\Users\Celine\AppData\Roaming\mbam.context.scan
[2012.06.27 20:54:11 | 000,119,410 | ---- | C] () -- C:\Windows\hpqins00.dat
[2012.05.22 18:12:12 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.04.15 19:31:16 | 000,145,696 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2012.04.15 19:31:16 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Services
[2012.03.24 08:20:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Schema
[2012.03.24 08:20:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\SupportPrinters
[2012.03.24 08:20:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.03.11 11:44:22 | 000,000,498 | ---- | C] () -- C:\Users\***\AppData\Roaming\DELTAUserMetrics.osl
[2012.01.22 19:16:43 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.22 19:16:43 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.22 19:16:43 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.22 19:16:43 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2011.06.09 20:21:08 | 001,206,784 | -HS- | C] () -- C:\Users\***\ehthumbs_vista.db
[2011.04.22 17:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.22 17:31:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.10.10 14:24:06 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc
[2009.10.10 07:11:52 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.05.13 19:25:41 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.04.04 19:51:52 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.04.01 15:53:18 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.30 10:38:09 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.24 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.04.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2009.05.15 19:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2011.02.27 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitZipper
[2012.11.15 09:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.30 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.04.18 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2013.01.02 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.08.10 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ebner
[2012.03.31 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronic Arts
[2009.09.28 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2012.10.08 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fisher-Price
[2013.01.01 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2012.11.15 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2011.10.04 07:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2013.01.06 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.01.05 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEROLD Business Data
[2011.10.14 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.03.13 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2009.05.13 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.11.23 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.03.03 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.04.12 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2012.03.24 08:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2009.04.12 08:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Novosoft
[2012.07.12 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuclear Coffee
[2009.03.30 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.04.18 08:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2010.10.10 14:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.12.26 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2009.10.10 07:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.04 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2010.07.25 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2010.02.18 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2011.05.01 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2009.06.21 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D
[2011.06.17 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.31 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza
[2011.04.17 11:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod
[2012.11.02 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2010.11.04 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.09.02 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StoneLoopsCT
[2010.10.16 22:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2010.11.24 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.01.23 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.03.19 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2011.10.05 10:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 16 bytes -> C:\Users\***\Downloads:Shareaza.GUID

< End of report >

--- --- ---

PS: Ist es normal, dass jetzt dieser Virus (Datei) von dem Ordner vom M in dem Ordner vom OTL ist? Das waren Dateien von einer Freundin (Hira) ihren USB Stick, die ich noch immer gespeichert habe.

Ist diese Autorun-Datei immer ein Virus? Ich hab manchmal das am USB Stick und dann lösch ich das einfach immer..

Wegen Flash Player.. bei Myvideo zb. gehts auch nicht, dafür aber in Youtube schon..das ist alles bisschen komisch, ich verstehs nicht warum!

Obwohl ich für Firefox auch schon den Player installiert habe!

02.02.2013, 18:05	#16
M-K-D-B /// TB-Ausbilder	http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme Servus, erst auf "Wiederholen". Sollte das nicht helfen, "Ignorieren".

02.02.2013, 18:09	#18
M-K-D-B /// TB-Ausbilder	http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme Servus, Alles klar. Ich warte auf deine nächste Antwort. __________________

02.02.2013, 21:46	#20
M-K-D-B /// TB-Ausbilder	http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme Servus, Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern und führe ComboFix dort aus.

03.02.2013, 10:37	#22
M-K-D-B /// TB-Ausbilder	http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme Servus, du kannst deinen Rechner wieder normal starten. Gibt es noch Probleme mit "search.certified-toolbar" oder andere Probleme, die auf Malware hindeuten? Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread.

http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme

Plagegeister aller Art und deren Bekämpfung: http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 und andere Probleme