Iexplore.exe 32 im Taskmanager startet sich selbst 3 mal /

markusg · 19.02.2013, 12:56

Hi, lösche alle Kookies und mit PUP (potentially unwanted) gekennzeichneten mit Hitmanpro.
Starte neu, poste ein neues OTL log

akakesios · 19.02.2013, 15:38

OTL Log nach Löschung mit Hitmanpro:

Code:

ATTFilter

OTL logfile created on: 19.02.2013 15:22:13 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,22% Memory free
9,99 Gb Paging File | 8,92 Gb Available in Paging File | 89,35% Paging File free
Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 6,16 Gb Free Space | 2,16% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 7,23 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.17 06:11:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.23 23:59:40 | 001,924,096 | ---- | M] () -- C:\Windows\AutoKMS\AutoKMS.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.07.24 18:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009.07.23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009.07.23 11:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NlsSrv32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.23 11:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.05.13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.03.23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013.02.18 21:52:19 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.16 12:01:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.02.23 19:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.23 17:37:42 | 000,641,832 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.23 13:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)
SRV - [2009.03.02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Start_Pending] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.08.03 20:38:05 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.06.28 21:37:52 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.06.20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.10.14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.26 20:49:28 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2011.05.13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.03.23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.11.01 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008.06.17 08:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/
IE - HKCU\..\SearchScopes,DefaultScope = {04C168DE-3056-4DD3-A997-227ADB753E50}
IE - HKCU\..\SearchScopes\{04C168DE-3056-4DD3-A997-227ADB753E50}: "URL" = hxxp://www.google.de/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.faz.net"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://www.ergative.com/search.php?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.19 12:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.10 22:45:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.16 12:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.16 12:01:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 21:36:01 | 000,000,000 | ---D | M]
 
[2012.09.04 10:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.02.18 22:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\71bm362o.default\extensions
[2013.01.20 18:18:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\71bm362o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.16 22:08:03 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.01.29 16:28:54 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.09.04 10:48:38 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\71bm362o.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2013.02.16 12:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.02.16 12:01:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.11.06 17:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009.11.06 17:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013.02.10 13:44:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.11 13:23:14 | 000,005,137 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml
[2013.02.10 13:44:35 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2013.02.16 22:17:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/emsisoft_webscan.cab (Emsisoft Web Malware Scan)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1003CBEC-F7D5-466D-B0DF-23B5A3219CAA}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7970C-4514-485A-9B59-A6C32002E811}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD92F0B3-F6AE-42E5-A2EB-250EB86FA7E6}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.19 14:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.02.19 00:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.02.19 00:15:41 | 009,754,024 | ---- | C] (SurfRight B.V.) -- C:\Users\***\Desktop\HitmanPro_x64.exe
[2013.02.18 22:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.18 21:52:19 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.18 21:52:18 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.17 10:55:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.02.17 10:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.02.17 10:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013.02.17 06:16:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.02.17 06:11:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.16 22:18:01 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.02.16 22:00:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.16 22:00:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.16 22:00:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.16 21:40:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.16 20:58:13 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Windows\SysNative\remover.exe
[2013.02.16 20:45:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.02.16 20:15:02 | 000,024,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\atapi_copy.sys
[2013.02.16 20:03:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics
[2013.02.16 12:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.14 20:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike 1.6
[2013.02.14 20:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike 1.6
[2013.02.13 13:16:57 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Scans
[2013.02.13 12:27:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 12:27:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 12:27:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 12:27:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 12:27:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 12:27:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 12:27:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 12:27:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 12:27:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 12:27:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 12:27:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 12:27:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 12:27:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 12:27:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 12:27:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 11:57:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 11:57:10 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 11:57:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 11:56:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 11:56:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 11:56:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 11:56:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 11:56:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 11:56:50 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 11:56:47 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.12 23:24:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kirsten Meyer
[2013.02.12 21:38:55 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kristina Simona Montagova
[2013.02.12 21:24:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Erfolgreich recherchieren
[2013.02.10 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DDMSettings
[2013.02.10 22:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.02.10 22:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.02.10 22:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.02.06 12:54:54 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 12:54:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 12:54:36 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 12:54:36 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.27 02:14:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wie wir leben wollen
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.19 15:26:25 | 000,026,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 15:26:25 | 000,026,192 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.19 15:22:22 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.02.19 15:20:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.19 15:18:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.19 15:18:37 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.19 15:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.19 14:58:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.19 01:01:10 | 001,668,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.19 01:01:10 | 000,717,004 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.19 01:01:10 | 000,669,236 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.19 01:01:10 | 000,157,550 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.19 01:01:10 | 000,128,960 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.19 00:34:47 | 000,090,774 | ---- | M] () -- C:\Users\***\Desktop\Dr._Dre_Still_Remake_-_CodgerBeatz.flp
[2013.02.19 00:29:03 | 009,754,024 | ---- | M] (SurfRight B.V.) -- C:\Users\***\Desktop\HitmanPro_x64.exe
[2013.02.18 22:40:38 | 000,479,149 | ---- | M] () -- C:\Users\***\Desktop\PAROLE_2.flp
[2013.02.18 22:11:10 | 000,587,671 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner0.exe
[2013.02.18 21:52:19 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.18 21:52:18 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.18 14:40:06 | 000,076,271 | ---- | M] () -- C:\Users\***\Desktop\PAROLE.flp
[2013.02.17 06:11:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.02.16 22:17:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.16 21:24:12 | 000,007,602 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2013.02.16 20:53:20 | 000,024,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\atapi_copy.sys
[2013.02.16 16:09:02 | 000,010,639 | ---- | M] () -- C:\Users\***\Desktop\xaraju_elster_2048.pfx
[2013.02.15 18:03:08 | 034,397,496 | ---- | M] () -- C:\Users\***\Desktop\adastra neu.wav
[2013.02.13 13:02:18 | 000,196,915 | ---- | M] () -- C:\Windows\hpoins39.dat
[2013.02.13 12:47:58 | 004,992,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 01:14:32 | 000,000,087 | ---- | M] () -- C:\Windows\SysWow64\ssprs.tgz
[2013.02.13 01:08:44 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2013.02.13 00:01:17 | 000,292,255 | ---- | M] () -- C:\Users\***\Desktop\Ingrid Ferran - Über den Neid. Eine phänomenologische Untersuchung.pdf
[2013.02.12 18:53:36 | 001,855,352 | ---- | M] () -- C:\Users\***\Desktop\Über das Symbol des Todes in Thomas Bernhards Lyrik.pdf
[2013.02.12 14:58:43 | 000,000,278 | ---- | M] () -- C:\Users\***\Desktop\oldenbourg-link - Journal - Table of Contents.url
[2013.02.06 12:54:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 12:54:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.06 12:54:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.06 12:54:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.06 12:54:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.06 12:54:18 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.03 20:36:47 | 000,251,185 | ---- | M] () -- C:\Users\***\Desktop\Ulrich Seidl - Ein Blick in die Hölle.pdf
[2013.01.27 02:59:05 | 000,000,014 | ---- | M] () -- C:\Windows\SysWow64\tmpPrst.tgz
[2013.01.24 01:13:34 | 000,420,065 | ---- | M] () -- C:\Users\***\Desktop\Poststrukturalismus - Systemtheorie.pdf
[2013.01.22 18:20:06 | 000,141,733 | ---- | M] () -- C:\Users\***\Desktop\Marshall McLuhan - Das Medium ist die Botschaft.pdf
 
========== Files Created - No Company Name ==========
 
[2013.02.19 00:34:47 | 000,090,774 | ---- | C] () -- C:\Users\***\Desktop\Dr._Dre_Still_Remake_-_CodgerBeatz.flp
[2013.02.18 22:11:10 | 000,587,671 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner0.exe
[2013.02.18 21:52:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.18 16:42:50 | 000,010,639 | ---- | C] () -- C:\Users\***\Desktop\xaraju_elster_2048.pfx
[2013.02.18 14:40:09 | 000,479,149 | ---- | C] () -- C:\Users\***\Desktop\PAROLE_2.flp
[2013.02.18 14:22:15 | 000,076,271 | ---- | C] () -- C:\Users\***\Desktop\PAROLE.flp
[2013.02.16 22:00:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.16 22:00:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.16 22:00:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.16 22:00:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.16 22:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.15 19:31:31 | 034,397,496 | ---- | C] () -- C:\Users\***\Desktop\adastra neu.wav
[2013.02.13 00:01:17 | 000,292,255 | ---- | C] () -- C:\Users\***\Desktop\Ingrid Ferran - Über den Neid. Eine phänomenologische Untersuchung.pdf
[2013.02.12 18:59:59 | 357,307,383 | ---- | C] () -- C:\Users\***\Desktop\Wörterbuch der Kollokationen.pdf
[2013.02.12 18:53:36 | 001,855,352 | ---- | C] () -- C:\Users\***\Desktop\Über das Symbol des Todes in Thomas Bernhards Lyrik.pdf
[2013.02.12 14:58:56 | 000,000,278 | ---- | C] () -- C:\Users\***\Desktop\oldenbourg-link - Journal - Table of Contents.url
[2013.02.03 20:36:45 | 000,251,185 | ---- | C] () -- C:\Users\***\Desktop\Ulrich Seidl - Ein Blick in die Hölle.pdf
[2013.01.27 02:59:05 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\tmpPrst.tgz
[2013.01.24 01:13:34 | 000,420,065 | ---- | C] () -- C:\Users\***\Desktop\Poststrukturalismus - Systemtheorie.pdf
[2013.01.22 18:20:06 | 000,141,733 | ---- | C] () -- C:\Users\***\Desktop\Marshall McLuhan - Das Medium ist die Botschaft.pdf
[2012.07.05 02:54:49 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdce.ini
[2012.07.05 02:53:07 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdih.ini
[2012.07.05 02:53:02 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdko.ini
[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdpe.ini
[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdmk.ini
[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdhj.ini
[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdfg.ini
[2012.07.05 02:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdai.ini
[2012.07.05 02:16:25 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.07.05 02:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.07.05 02:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.07.05 01:32:01 | 000,000,099 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2012.05.30 11:20:34 | 000,001,083 | ---- | C] () -- C:\Windows\lightworks.ini
[2012.05.28 20:33:58 | 000,000,205 | ---- | C] () -- C:\Users\***\.swfinfo
[2012.05.10 23:11:57 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2012.04.12 22:04:56 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.03.20 16:20:06 | 000,000,208 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.03.05 18:30:55 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI
[2012.02.23 21:23:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll
[2012.02.16 00:35:20 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.16 00:35:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.17 09:17:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B9A2CC7C-E572-4C7E-9A7C-573B0FF0BEFE}
[2012.01.12 23:16:57 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.12.04 13:14:00 | 000,038,432 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.12.04 13:13:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.04 13:12:50 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.09.28 22:18:53 | 000,000,055 | ---- | C] () -- C:\Users\***\AppData\Roaming\Win-HaBu.ini
[2011.08.04 01:00:59 | 000,209,177 | ---- | C] () -- C:\Windows\hpoins39.dat.temp
[2011.08.04 01:00:59 | 000,000,629 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp
[2011.08.03 15:25:33 | 000,000,298 | ---- | C] () -- C:\Windows\Clony2.ini
[2011.07.15 16:24:52 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011.07.15 16:24:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011.05.26 20:35:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2011.03.23 02:27:53 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2011.02.19 12:19:00 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.05.17 15:23:34 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 15:35:48 | 003,198,860 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.JPG
[2010.04.15 15:35:46 | 003,088,891 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.0
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A303874F

< End of report >

markusg · 19.02.2013, 16:51

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
[2012.09.11 13:23:14 | 000,005,137 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ergative.xml
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

neustarten bitte, testen wie der PC läuft, auch alle browser, ob es umleitungen, bzw ungewollte Toolbars gibt, + sonstige Programme

akakesios · 19.02.2013, 17:07

Hier die Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Program Files (x86)\Mozilla Firefox\searchplugins\ergative.xml moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 115157 bytes
->Temporary Internet Files folder emptied: 29921139 bytes
->Java cache emptied: 1417225 bytes
->FireFox cache emptied: 49884740 bytes
->Flash cache emptied: 729 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57335 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 15132 bytes
 
Total Files Cleaned = 78,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02192013_165659

Files\Folders moved on Reboot...
C:\Users\xxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Habe ich vielleicht beim Fixen was Vergessen? Ich habe den Text unverändert übernommen? Hätte ich den Benutzernamen einsetzen müssen? Die iexplore Prozesse öffnen sich weiterhin..

markusg · 19.02.2013, 17:10

passt alles
lade:
http://ad13.geekstogo.com/MBRCheck.exe
doppelklicken, wenn fertig, liegt eine mbrcheck.txt auf dem destop, inhalt posten bitte

akakesios · 19.02.2013, 17:21

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Home Premium Edition
Windows Information:		Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:	Hewlett-Packard
BIOS Manufacturer:		Hewlett-Packard
System Manufacturer:		Hewlett-Packard
System Product Name:		HP Pavilion dv6 Notebook PC
Logical Drives Mask:		0x0000005c

Kernel Drivers (total 245):
  0x03E1A000 \SystemRoot\system32\ntoskrnl.exe
  0x04401000 \SystemRoot\system32\hal.dll
  0x00B9B000 \SystemRoot\system32\kdcom.dll
  0x00C27000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C34000 \SystemRoot\system32\PSHED.dll
  0x00C48000 \SystemRoot\system32\CLFS.SYS
  0x00CA6000 \SystemRoot\system32\CI.dll
  0x00E12000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00ED4000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EE4000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00EF1000 \SystemRoot\system32\drivers\ACPI.sys
  0x00F48000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00F51000 \SystemRoot\system32\drivers\pci.sys
  0x00F84000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00F8E000 \SystemRoot\system32\drivers\isapnp.sys
  0x00F97000 \SystemRoot\system32\drivers\mpio.sys
  0x00FC1000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FD6000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x00FDF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00FEB000 \SystemRoot\system32\drivers\volmgr.sys
  0x00D66000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E00000 \SystemRoot\system32\drivers\intelide.sys
  0x00DC2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x00E08000 \SystemRoot\system32\drivers\pciide.sys
  0x00DD2000 \SystemRoot\system32\drivers\aliide.sys
  0x00DD9000 \SystemRoot\system32\drivers\amdide.sys
  0x00DE0000 \SystemRoot\system32\drivers\cmdide.sys
  0x00C00000 \SystemRoot\System32\drivers\mountmgr.sys
  0x010A9000 \SystemRoot\system32\drivers\msdsm.sys
  0x010CF000 \SystemRoot\system32\drivers\nvraid.sys
  0x010F7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x01127000 \SystemRoot\system32\drivers\viaide.sys
  0x01276000 \SystemRoot\system32\drivers\iaStorV.sys
  0x01394000 \SystemRoot\system32\drivers\atapi.sys
  0x0139D000 \SystemRoot\system32\drivers\ataport.SYS
  0x013C7000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
  0x01200000 \SystemRoot\system32\DRIVERS\storport.sys
  0x01263000 \SystemRoot\system32\drivers\msahci.sys
  0x013E4000 \SystemRoot\system32\drivers\HpSAMD.sys
  0x0112F000 \SystemRoot\system32\DRIVERS\adp94xx.sys
  0x011AA000 \SystemRoot\system32\DRIVERS\adpahci.sys
  0x01000000 \SystemRoot\system32\DRIVERS\adpu320.sys
  0x0102F000 \SystemRoot\system32\drivers\amdsata.sys
  0x0104D000 \SystemRoot\system32\DRIVERS\amdsbs.sys
  0x01094000 \SystemRoot\system32\drivers\amdxata.sys
  0x014F5000 \SystemRoot\system32\DRIVERS\arc.sys
  0x0150E000 \SystemRoot\system32\DRIVERS\arcsas.sys
  0x01529000 \SystemRoot\system32\DRIVERS\elxstor.sys
  0x015B0000 \SystemRoot\system32\DRIVERS\iirsp.sys
  0x015C1000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
  0x015E0000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
  0x01400000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
  0x0141F000 \SystemRoot\system32\DRIVERS\megasas.sys
  0x0142B000 \SystemRoot\system32\DRIVERS\MegaSR.sys
  0x014CF000 \SystemRoot\system32\DRIVERS\nfrd960.sys
  0x01679000 \SystemRoot\system32\drivers\nvstor.sys
  0x01826000 \SystemRoot\system32\DRIVERS\ql2300.sys
  0x016A4000 \SystemRoot\system32\DRIVERS\ql40xx.sys
  0x019CA000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
  0x019D8000 \SystemRoot\system32\DRIVERS\sisraid4.sys
  0x019F0000 \SystemRoot\system32\DRIVERS\stexstor.sys
  0x01703000 \SystemRoot\system32\DRIVERS\vsmraid.sys
  0x0172D000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01800000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01A39000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01779000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01BDC000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01600000 \SystemRoot\System32\Drivers\cng.sys
  0x01A00000 \SystemRoot\System32\drivers\pcw.sys
  0x01A11000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01C84000 \SystemRoot\system32\drivers\ndis.sys
  0x01D76000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01DD6000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01E00000 \SystemRoot\System32\drivers\tcpip.sys
  0x01C00000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01C49000 \SystemRoot\system32\DRIVERS\wd.sys
  0x020F5000 \SystemRoot\system32\drivers\volsnap.sys
  0x02141000 \SystemRoot\System32\Drivers\spldr.sys
  0x02149000 \SystemRoot\system32\drivers\sbp2port.sys
  0x02166000 \SystemRoot\System32\drivers\rdyboost.sys
  0x021A0000 \SystemRoot\system32\DRIVERS\NBVol.sys
  0x021B6000 \SystemRoot\system32\DRIVERS\NBVolUp.sys
  0x021BF000 \SystemRoot\System32\Drivers\mup.sys
  0x021D1000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x021DA000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x02000000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x0203A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x02050000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x02090000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x0347B000 \SystemRoot\System32\Drivers\aswSnx.SYS
  0x0356F000 \SystemRoot\System32\Drivers\Null.SYS
  0x03578000 \SystemRoot\System32\Drivers\Beep.SYS
  0x0357F000 \SystemRoot\System32\drivers\vga.sys
  0x0358D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x035B2000 \SystemRoot\System32\drivers\watchdog.sys
  0x035C2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x035CB000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x035D4000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x035DD000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x035E8000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03400000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03422000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0342F000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x04262000 \SystemRoot\system32\drivers\afd.sys
  0x042EB000 \SystemRoot\System32\Drivers\aswrdr2.sys
  0x042FB000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x04340000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x0434B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x04354000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x0437A000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x04390000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x043BC000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x043D7000 \SystemRoot\system32\drivers\termdd.sys
  0x04200000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04251000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0439F000 \SystemRoot\system32\drivers\mssmbios.sys
  0x043AA000 \SystemRoot\System32\drivers\discache.sys
  0x03441000 \SystemRoot\System32\Drivers\dfsc.sys
  0x043EB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x0449A000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x044FB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04521000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x04618000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x04C2F000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x04C65000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04D59000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04D9F000 \SystemRoot\system32\drivers\HDAudBus.sys
  0x05021000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x053CC000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x04DC3000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x053D9000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x04536000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x053E4000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x053F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x05000000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x0458C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x05011000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x04600000 \SystemRoot\system32\drivers\kbdclass.sys
  0x04400000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x04467000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04476000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x053F3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x0460F000 \SystemRoot\system32\drivers\wmiacpi.sys
  0x045AA000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x045B7000 \SystemRoot\system32\drivers\CompositeBus.sys
  0x045C7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x020BA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x045DD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x01C51000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x0345F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x017D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x021E4000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x053F8000 \SystemRoot\system32\drivers\swenum.sys
  0x054FB000 \SystemRoot\system32\drivers\ks.sys
  0x0553E000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x05550000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0x05599000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x05400000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x0545A000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0546F000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x0548F000 \SystemRoot\system32\drivers\portcls.sys
  0x054CC000 \SystemRoot\system32\drivers\drmk.sys
  0x054EE000 \SystemRoot\system32\drivers\ksthunk.sys
  0x08C03000 \SystemRoot\system32\DRIVERS\stwrt64.sys
  0x08C82000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x08C93000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x08CAC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x08CB5000 \SystemRoot\system32\drivers\kbdhid.sys
  0x08CC3000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x08CD0000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x08CDE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x08CFB000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x08D29000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x08D37000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x08D43000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x08D4E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x08D61000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x000B0000 \SystemRoot\System32\win32k.sys
  0x08D7C000 \SystemRoot\System32\drivers\Dxapi.sys
  0x08D88000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x005D0000 \SystemRoot\System32\TSDDD.dll
  0x00670000 \SystemRoot\System32\cdd.dll
  0x008E0000 \SystemRoot\System32\ATMFD.DLL
  0x08D96000 \SystemRoot\system32\drivers\luafv.sys
  0x08DB9000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x08DDB000 \??\C:\Windows\system32\drivers\mbam.sys
  0x08DE5000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x055AB000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x030FE000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x03151000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x03164000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x03000000 \SystemRoot\system32\drivers\HTTP.sys
  0x030C9000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0317C000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x03194000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x05CB5000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x05D03000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x05D27000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0x05C00000 \SystemRoot\system32\drivers\peauth.sys
  0x05CA6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x05D81000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x05DB2000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x0865C000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x086C5000 \SystemRoot\System32\DRIVERS\srv.sys
  0x087CE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x77290000 \Windows\System32\ntdll.dll
  0x48100000 \Windows\System32\smss.exe
  0xFF5B0000 \Windows\System32\apisetschema.dll
  0xFFA10000 \Windows\System32\autochk.exe
  0x77190000 \Windows\System32\user32.dll
  0xFF570000 \Windows\System32\imm32.dll
  0x76F80000 \Windows\System32\iertutil.dll
  0xFF550000 \Windows\System32\imagehlp.dll
  0xFF4D0000 \Windows\System32\shlwapi.dll
  0x76E20000 \Windows\System32\wininet.dll
  0xFF400000 \Windows\System32\usp10.dll
  0x76D00000 \Windows\System32\kernel32.dll
  0x76BB0000 \Windows\System32\urlmon.dll
  0xFF360000 \Windows\System32\msvcrt.dll
  0xFF350000 \Windows\System32\lpk.dll
  0xFF300000 \Windows\System32\ws2_32.dll
  0xFF280000 \Windows\System32\difxapi.dll
  0xFF270000 \Windows\System32\nsi.dll
  0xFF160000 \Windows\System32\msctf.dll
  0xFEF50000 \Windows\System32\ole32.dll
  0xFEE70000 \Windows\System32\advapi32.dll
  0x77460000 \Windows\System32\psapi.dll
  0xFEE50000 \Windows\System32\sechost.dll
  0xFEC70000 \Windows\System32\setupapi.dll
  0xFEBD0000 \Windows\System32\comdlg32.dll
  0xFDE40000 \Windows\System32\shell32.dll
  0xFDD60000 \Windows\System32\oleaut32.dll
  0x77450000 \Windows\System32\normaliz.dll
  0xFDCF0000 \Windows\System32\gdi32.dll
  0xFDC90000 \Windows\System32\Wldap32.dll
  0xFDBF0000 \Windows\System32\clbcatq.dll
  0xFDAC0000 \Windows\System32\rpcrt4.dll
  0xFDA80000 \Windows\System32\cfgmgr32.dll
  0xFDA60000 \Windows\System32\devobj.dll
  0xFD9C0000 \Windows\System32\comctl32.dll
  0xFD850000 \Windows\System32\crypt32.dll
  0xFD7E0000 \Windows\System32\KernelBase.dll
  0xFD7A0000 \Windows\System32\wintrust.dll
  0xFD790000 \Windows\System32\msasn1.dll
  0x764C0000 \Windows\SysWOW64\normaliz.dll

Processes (total 53):
       0 System Idle Process
       4 System
     324 C:\Windows\System32\smss.exe
     448 csrss.exe
     520 csrss.exe
     528 C:\Windows\System32\wininit.exe
     584 C:\Windows\System32\services.exe
     608 C:\Windows\System32\winlogon.exe
     636 C:\Windows\System32\lsass.exe
     644 C:\Windows\System32\lsm.exe
     744 C:\Windows\System32\svchost.exe
     848 C:\Windows\System32\svchost.exe
     920 C:\Windows\System32\atiesrxx.exe
     972 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\svchost.exe
     108 C:\Windows\System32\svchost.exe
     928 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\atieclxx.exe
    1184 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    1356 C:\Windows\System32\dwm.exe
    1364 C:\Windows\explorer.exe
    1512 C:\Windows\System32\spoolsv.exe
    1532 C:\Windows\System32\taskhost.exe
    1612 C:\Windows\System32\svchost.exe
    1772 C:\Windows\SysWOW64\svchost.exe
    1800 C:\Windows\SysWOW64\svchost.exe
    1852 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    1952 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    2004 C:\Windows\System32\svchost.exe
    2032 C:\Windows\SysWOW64\NlsSrv32.exe
    1392 C:\Windows\System32\svchost.exe
    1672 C:\Windows\System32\svchost.exe
    1376 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    2380 C:\Windows\System32\SearchIndexer.exe
    2556 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    2756 C:\Windows\System32\svchost.exe
    2868 C:\Windows\System32\taskeng.exe
    2948 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    2956 C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    2992 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    3528 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3684 C:\Windows\System32\svchost.exe
    3740 C:\Program Files\Classic Shell\ClassicStartMenu.exe
    3800 C:\Program Files\IDT\WDM\sttray64.exe
    3844 C:\Program Files\AVAST Software\Avast\AvastUI.exe
    2456 C:\Windows\System32\svchost.exe
     684 C:\Windows\servicing\TrustedInstaller.exe
    3076 C:\Windows\System32\wuauclt.exe
    3656 C:\Windows\System32\audiodg.exe
    3452 C:\Users\***\Desktop\MBRCheck.exe
    1208 C:\Windows\System32\conhost.exe
    5004 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`30a00000  (NTFS)
\\.\G: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS725032A9A364, Rev: PC3OC70E
PhysicalDrive1 Model Number: SeagateDesktop, Rev: 0130

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: AE939A9637EB017A1FBEBAA32E46003B3B7C68CA
    931 GB  \\.\PhysicalDrive1   MBR Code Faked!
            SHA1: C72EFE106BC48C1561FD9A90AD20A92156D9FBB4


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

markusg · 19.02.2013, 18:18

hi, mbrcheck noch mal laufen lassen.
drücke dann y (evtl. enter)
dan 1 (evtl. enter)
drücke 0 (evtl. enter)
vergib einen Namen, drücke enter

mbrcheck noch mal laufen lassen
drücke dann y (evtl. enter)
dan 1 (evtl. enter)
drücke 1 (evtl. enter)
vergib einen Namen, drücke enter
lade beide hoch:
Trojaner-Board Upload Channel
Melden, wenn fertig.

akakesios · 20.02.2013, 16:11

Ok, ist hochgeladen..

akakesios · 21.02.2013, 18:06

Hat irgendwas beim Upload nicht geklappt oder habe ich was falsch gemacht??

markusg · 21.02.2013, 19:22

ich warte noch auf ein ergebniss für die mbrs.
hast du eine windows cd zur hand?

akakesios · 21.02.2013, 20:07

Gut, vielen Dank!
Ja eine windows cd habe ich.

markusg · 21.02.2013, 20:12

hi,
bitte fixmbr und fixboot ausführen
Tipparchiv - MBR unter Vista oder Windows 7 reparieren - WinTotal.de
schauen ob das Problem noch auftritt

akakesios · 21.02.2013, 21:08

Befehle hab ich ausgeführt.
Problem besteht leider weiter...

markusg · 22.02.2013, 14:26

hi,
ich bin deine Logs noch mal durchgegangen, ich habe im hitmanpro log einen Keygen übersehen.
http://www.trojaner-board.de/95394-c...-software.html
da kann ich dir leider nur beim neu aufsetzen helfen
1. Datenrettung:

deaktiviere Autorun: http://www.trojaner-board.de/83238-a...sschalten.html
dann sichere Daten auf nen externen datenträger: http://www.trojaner-board.de/82533-d...ted-magic.html
Bilder, Dokumente, Musik Videos (persönliches) http://www.trojaner-board.de/71715-k...iendungen.html

2. Formatieren, Windows neu instalieren:

nutzt du eine Windows CD: http://www.trojaner-board.de/51262-a...sicherung.html
recovery cd oder recovery partition.
falls dies ein fertig pc ist, nenne hersteller + typ.
Keine Windows 7 DVD? http://www.trojaner-board.de/100776-...-download.html

3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

Iexplore.exe 32 im Taskmanager startet sich selbst 3 mal /

Plagegeister aller Art und deren Bekämpfung: Iexplore.exe 32 im Taskmanager startet sich selbst 3 mal /