Trojaner-Board, forum "Log-Analyse und Auswertung" (log analysis and evaluation)
Thread: Outlook 2007 sends spam e-mails to the address book (Windows 7 64-bit SP1) (https://www.trojaner-board.de/107156-outlook-2007-versendet-spam-e-mails-adressbuch-windows-7-64-bit-sp1.html)

bersdod 29.12.2011 11:38

Outlook 2007 sends spam e-mails to the address book (Windows 7 64-bit SP1)
 
Hi everyone,

I'm still a newbie here, so please be patient if I don't understand something right away. :crazy:

To my problem: yesterday I noticed that Outlook 2007 was sending spam e-mails to my address book. I then stopped it from sending for the time being. No need for it to get any worse.

I then ran various programs. The log files are attached as a .zip. The system is Windows 7 Ultimate 64-bit SP1.

On my own:
  • Windows Malicious Software Removal Tool
  • Avast
  • Spybot S&D

Following the forum:
  • Defogger (following the forum instructions)
  • OTL (I didn't do a quick scan but a complete scan; otherwise it created no extra log)

Following this thread:
http://www.trojaner-board.de/97040-a...tlook2007.html
  • MBR.exe (somehow looks like it didn't work)
  • HijackThis 2.0.4
  • HJTscanlist.zip
  • CCleaner (installed programs)
  • Temp deleted
  • SUPERAntiSpyware FREE Edition
  • ESET Online Scanner
  • Viewing e-mail messages in plain-text format

I haven't really found anything bad myself, but I don't have the expertise you have. Could you please take a look and check? If you have questions, just ask.
The file Programm_beenden.bat in Autostart is my own file. I'll delete the .zip file again as soon as this is done. :)

Best regards and thanks for the help

cosinus 29.12.2011 17:54

As a matter of routine, please do a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! Also, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

bersdod 30.12.2011 01:53

Hi Cosinus,

many thanks for your help. Attached is the Malwarebytes log file. Everything looks good, nothing found. :)

Best regards
Dennis

cosinus 30.12.2011 18:07

Malwarebytes creates exactly one log per scan. Have you ever scanned with Malwarebytes before?
If so, the logs of all previous scans are listed in the Logs tab. Please post all that are visible there.

bersdod 31.12.2011 09:41

Hi Cosinus,

no, I had never heard of Malwarebytes before and have never run scans with it.

Happy New Year :party:

cosinus 31.12.2011 15:46

Please make a new OTL log. If at all possible, post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


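The OTL report requested above lists processes, services, drivers and autostart entries in a fixed line layout, and a helper reads it looking for a few recurring signals: an entry whose executable carries no company name (printed by OTL as `()`), a Run value that points to a file that no longer exists (`File not found`), and a persistent executable started from a user-writable folder. The following script is an added example written for this page, not code from the thread, from OTL or from the forum; `parse_otl` and `triage` are names chosen here, and the sample lines are constructed in the OTL layout with placeholder vendors and paths rather than taken from the poster's machine.

```python
import re
from dataclasses import dataclass

# Constructed sample in the OTL report layout the thread asks for (PRC/SRV/DRV
# lines and O4 autostart lines). Every vendor, path and name is a placeholder
# made up for this example, not an entry from the poster's machine.
SAMPLE_LOG = r"""
PRC - [2011.12.28 17:45:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\example\Desktop\OTL.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\ExampleUpdater\updater.exe
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (Example AV GmbH) [Auto | Running] -- C:\Program Files\ExampleAV\svc.exe -- (ExampleAV)
SRV:64bit: - [2011.03.29 11:46:02 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\ExampleStream\ecom.exe -- (ExampleStreamECommerce)
SRV - [2010.11.02 12:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (Example VPN, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\examplevpn.sys -- (examplevpn)
O4 - HKLM..\Run: [ExampleAV] C:\Program Files\ExampleAV\ui.exe (Example AV GmbH)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Updater] C:\Users\example\AppData\Roaming\svchost.exe ()
"""

# PRC/SRV/DRV: "KIND[:64bit:] - [mtime | size | attrs | M] (company) [state] -- path -- (name)"
SVC_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV)(?P<bits>:64bit:)? - "
    r"\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>.*?)\)"             # non-greedy: vendor names may contain "(R)"
    r"(?: \[(?P<state>[^\]]*)\])? -- "  # PRC lines have no [start type | status]
    r"(?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"  # service/driver name plus optional trailer
)
# O4: "O4[:64bit:] - HIVE..\Run: [value] path (company)"  or  "[value]  File not found"
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<value>[^\]]*)\]\s*(?P<target>.*)$")
# Folders a standard user can write to; a persistent executable there deserves a second look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Tmp|Downloads)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str            # PRC, SRV, DRV or O4
    is64: bool
    company: str         # "" when OTL printed "()" (no company name in the version info)
    path: str
    name: str = ""
    state: str = ""
    hive: str = ""
    value: str = ""


def parse_otl(text: str) -> list[Entry]:
    """Turn the PRC/SRV/DRV and O4 lines of an OTL report into Entry records."""
    entries = []
    for line in text.splitlines():
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], bool(m["bits"]), m["company"], m["path"],
                                 name=m["name"] or "", state=m["state"] or ""))
            continue
        m = RUN_RE.match(line)
        if m:
            target = m["target"]
            cm = re.search(r"\(([^)]*)\)$", target)   # trailing "(company)" if present
            company = cm.group(1) if cm else ""
            path = target[: cm.start()].strip() if cm else target.strip()
            entries.append(Entry("O4", ":64bit:" in line, company, path,
                                 hive=m["hive"], value=m["value"]))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (reason, where) pairs for the entries a log helper looks at first."""
    findings = []
    for e in entries:
        where = e.path if e.kind != "O4" else f"{e.hive}\\Run [{e.value}] -> {e.path}"
        if e.path == "File not found":
            findings.append(("orphaned autostart", where))   # leftover of a removed program, or of malware
            continue
        if not e.company:
            findings.append(("no company name", where))      # candidate for a hash lookup
        if e.kind == "O4" and USER_WRITABLE.search(e.path):
            findings.append(("autostart from user-writable path", where))
    return findings


if __name__ == "__main__":
    for reason, where in triage(parse_otl(SAMPLE_LOG)):
        print(f"{reason:36} {where}")
```

Run it as-is to see the triage of the constructed sample, or replace `SAMPLE_LOG` with the contents of a real OTL.txt. A missing company name is only a prompt to look closer (plenty of legitimate tools ship without version information, as the avast and Spybot entries in this thread show for comparison), so the output is a worklist for the helper, not a verdict.
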
bersdod 01.01.2012 11:56

Happy New Year to you,

here is the OTL log file.

Code:

OTL logfile created on: 01.01.2012 10:27:56 - Run 5
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Norbert das Notebook\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,48% Memory free
15,00 Gb Paging File | 13,85 Gb Available in Paging File | 92,34% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,51 Gb Total Space | 35,28 Gb Free Space | 31,64% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 26,35 Gb Free Space | 52,69% Space Free | Partition Type: NTFS
Drive E: | 20,02 Gb Total Space | 12,88 Gb Free Space | 64,35% Space Free | Partition Type: NTFS
Drive F: | 40,04 Gb Total Space | 10,17 Gb Free Space | 25,41% Space Free | Partition Type: NTFS
Drive L: | 3,76 Gb Total Space | 0,10 Gb Free Space | 2,61% Space Free | Partition Type: NTFS
 
Computer Name: NORBERTDASNOTEB | User Name: Norbert das Notebook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.28 17:45:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Norbert das Notebook\Desktop\OTL.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.03.25 16:19:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.11.26 15:52:38 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.11.23 14:17:26 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011.03.29 11:46:02 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\mcShoutCast\mcShoutCastECommerceService.exe -- (mcShoutCastECommerceService)
SRV:64bit: - [2011.03.29 11:45:50 | 000,007,680 | ---- | M] (Sörnt Poppe) [Auto | Running] -- C:\Program Files\mcShoutCast\ShoutCastLauraFMService.exe -- (mcShoutCastLauraFM)
SRV:64bit: - [2011.03.29 11:45:12 | 000,066,560 | ---- | M] (Sörnt Poppe) [Auto | Running] -- C:\Program Files\mcShoutCast\ShoutCastProxyService.exe -- (mcShoutCastProxy)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2000.01.01 01:00:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.08.15 16:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.04.09 20:08:49 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2011.03.25 16:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.11.26 15:52:38 | 000,064,512 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.11.02 12:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.11.02 12:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.11.02 12:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.11.11 19:17:36 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.17 13:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.08.17 13:04:28 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.08.17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.08.17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.08.17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.08.17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.08.13 12:40:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011.08.13 12:40:10 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.08.13 12:40:10 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.08.13 12:40:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.08.13 12:40:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.04.10 07:27:39 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011.03.30 12:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 02:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 02:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 01:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 00:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.09 02:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.01.26 06:16:00 | 000,087,040 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.11.29 22:35:00 | 000,072,320 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SCLx64.sys -- (SCLx64)
DRV:64bit: - [2009.10.21 23:46:04 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.13 10:05:10 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.08.03 04:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2000.01.01 01:00:00 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.11.23 14:17:24 | 000,158,336 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Norbert das Notebook\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bits21.de/63_Home.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 0F 81 AB EC 28 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "https://encrypted.google.com/webhp?hl=de"
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_7.0 [2011.11.04 21:33:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.23 18:54:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.04 21:33:06 | 000,000,000 | ---D | M]
 
[2011.12.23 19:01:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Extensions
[2011.12.23 19:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions
[2011.11.30 12:43:08 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.30 12:43:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.02 21:28:06 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\https-everywhere@eff.org
[2011.12.23 19:40:35 | 000,000,000 | ---D | M] ([verify-U]-Add-on) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\searchplugins\askcom.xml
[2011.11.30 11:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
() (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
() (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\GREASEFIRE@SKRUL.COM.XPI
() (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\GUICONFIG@SLOSD.NET.XPI
() (No name found) -- C:\USERS\NORBERT DAS NOTEBOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SZJ9KW3A.DEFAULT\EXTENSIONS\NOIA4OPTIONS@ARIST2.XPI
[2011.12.23 18:54:32 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.23 18:54:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.23 18:54:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.23 18:54:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.23 18:54:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 18:54:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.23 18:54:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.28 16:37:07 | 000,440,051 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15128 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 studios)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D99F00B5-8770-4A4A-AACA-1C54724BC71A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.01 10:15:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Norbert das Notebook\Desktop\OTL.exe
[2011.12.31 14:49:39 | 000,000,000 | ---D | C] -- C:\...Browser
[2011.12.31 12:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2011.12.31 12:09:06 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll
[2011.12.31 12:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2011.12.31 11:51:55 | 000,000,000 | ---D | C] -- C:\Users\Norbert das Notebook\Desktop\Bilder vom Handy
[2011.12.31 11:45:30 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2011.12.31 11:45:30 | 000,098,616 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2011.12.29 18:12:57 | 000,000,000 | ---D | C] -- C:\Users\Norbert das Notebook\AppData\Roaming\Malwarebytes
[2011.12.29 18:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.28 18:10:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.12.22 18:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.12.17 15:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2011.12.16 22:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.12.16 22:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.16 22:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.12.13 09:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.04 22:23:57 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
[2011.12.04 22:23:57 | 000,138,872 | ---- | C] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
[2011.12.02 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.04.10 07:27:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Norbert das Notebook\AppData\Roaming\pcouffin.sys
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Norbert das Notebook\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Norbert das Notebook\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Norbert das Notebook\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Norbert das Notebook\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.01 10:26:31 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:26:31 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.01 10:18:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.01 10:18:08 | 2413,588,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.01 10:17:22 | 000,000,188 | ---- | M] () -- C:\Users\Norbert das Notebook\defogger_reenable
[2011.12.31 15:53:48 | 001,621,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.31 15:53:48 | 000,702,486 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.31 15:53:48 | 000,655,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.31 15:53:48 | 000,150,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.31 15:53:48 | 000,122,694 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.31 12:05:17 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2011.12.31 11:39:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.12.31 11:34:30 | 001,603,578 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.29 19:00:00 | 000,092,160 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2011.12.28 17:45:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Norbert das Notebook\Desktop\OTL.exe
[2011.12.28 17:09:16 | 000,050,477 | ---- | M] () -- C:\Users\Norbert das Notebook\Desktop\Defogger.exe
[2011.12.28 16:37:07 | 000,440,051 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.28 11:28:58 | 000,002,032 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011.12.24 12:16:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.12.23 19:04:22 | 000,439,997 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111228-163707.backup
[2011.12.20 07:43:15 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.12.16 23:12:58 | 000,429,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.16 22:20:08 | 000,438,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111223-190422.backup
[2011.12.13 19:25:20 | 000,406,149 | ---- | M] () -- C:\Users\Norbert das Notebook\Desktop\Waschmachinentest.pdf
[2011.12.09 22:19:57 | 000,438,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111216-222008.backup
[2011.12.09 22:10:12 | 000,001,057 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2011.12.07 19:37:18 | 000,148,992 | ---- | M] ( ) -- C:\Windows\SysNative\lagarith.dll
[2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysWow64\drivers\AnyDVD.sys
[2011.12.04 22:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) -- C:\Windows\SysNative\drivers\AnyDVD.sys
[2011.12.04 18:05:42 | 000,002,155 | ---- | M] () -- C:\Users\Norbert das Notebook\.recently-used.xbel
[2011.12.02 21:49:19 | 000,438,886 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111209-221957.backup
 
========== Files Created - No Company Name ==========
 
[2012.01.01 10:17:22 | 000,000,188 | ---- | C] () -- C:\Users\Norbert das Notebook\defogger_reenable
[2012.01.01 10:17:16 | 000,050,477 | ---- | C] () -- C:\Users\Norbert das Notebook\Desktop\Defogger.exe
[2011.12.31 12:09:06 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2011.12.31 12:09:05 | 000,092,160 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011.12.24 12:16:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011.12.13 19:25:53 | 000,406,149 | ---- | C] () -- C:\Users\Norbert das Notebook\Desktop\Waschmachinentest.pdf
[2011.12.04 18:05:42 | 000,002,155 | ---- | C] () -- C:\Users\Norbert das Notebook\.recently-used.xbel
[2011.08.06 14:00:25 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.08.06 13:57:09 | 000,000,076 | RHS- | C] () -- C:\Windows\CT6STET.BIN
[2011.08.06 13:27:43 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2011.08.06 13:27:43 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2011.07.20 10:44:32 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2011.07.20 10:44:32 | 000,000,092 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.07.10 07:24:17 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.07.10 07:19:14 | 000,000,412 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\All CPU Meter_Settings.ini
[2011.05.15 11:02:35 | 000,008,192 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.10 17:53:47 | 001,603,578 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.10 11:33:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.10 10:47:38 | 000,001,470 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\RecConfig.xml
[2011.04.10 07:58:50 | 000,002,032 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.04.10 07:37:33 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.10 07:28:39 | 000,000,668 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\vso_ts_preview.xml
[2011.04.10 07:27:39 | 000,099,384 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\inst.exe
[2011.04.10 07:27:39 | 000,007,859 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\pcouffin.cat
[2011.04.10 07:27:39 | 000,001,167 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Roaming\pcouffin.inf
[2011.04.10 07:00:34 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.04.10 07:00:34 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C1725C330F.sys
[2011.04.09 18:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\lame_enc.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Norbert das Notebook\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2011.12.22 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ashampoo
[2011.04.25 17:09:21 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\ATViewer
[2011.12.03 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Canon
[2011.11.11 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Degener
[2012.01.01 10:18:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox
[2011.07.09 16:36:41 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoft
[2011.07.03 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.09 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\GoodSync
[2011.12.04 18:05:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\gtk-2.0
[2011.04.21 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Jumping Bytes
[2011.08.06 14:02:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MAGIX
[2011.12.28 08:27:32 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Mp3tag
[2011.07.22 07:52:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MusicBrainz
[2011.05.01 07:13:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\NetDrive
[2011.08.13 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Nokia
[2011.10.20 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Origin
[2011.04.16 09:38:43 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PC Suite
[2011.09.09 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\pdfforge
[2011.04.17 01:17:29 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PersBackup5
[2011.04.10 07:57:46 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\r2 Studios
[2011.05.29 05:49:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung
[2011.05.01 07:31:39 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Scooter Software
[2011.07.09 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\TeamViewer
[2011.11.22 15:34:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ubisoft
[2011.07.19 07:34:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Vso
[2011.12.31 12:05:17 | 000,000,256 | ---- | M] () -- C:\Windows\Tasks\elbyExecuteWithUAC.job
[2009.07.14 06:08:49 | 000,002,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.07.11 19:43:58 | 000,000,226 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job
[2011.09.30 17:40:09 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job
[2011.06.18 07:50:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{0993BFD3-6844-4CCE-978C-3761ADD0B58E}.job
[2011.09.03 06:42:04 | 000,000,628 | ---- | M] () -- C:\Windows\Tasks\{1D33F353-784C-44D5-A9A0-2323EC750121}.job
[2011.08.06 09:27:10 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{23E5264E-94F3-4575-AA22-91F5822E4175}.job
[2011.09.18 12:17:14 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{29ABF350-98FF-42FB-B6F5-09EFCF6E66BB}.job
[2011.10.14 10:44:33 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2F6AB046-E358-489E-ACC2-6AE56B7781F0}.job
[2011.08.27 13:28:41 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{5E90278D-2B9F-478A-B64A-9E259072B350}.job
[2011.09.18 12:21:20 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{9D0E06D3-C552-4855-8ECB-40B04963E012}.job
[2011.05.29 05:59:21 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{BC6E7F5F-006F-4E8F-AFE9-E0F75E545417}.job
[2011.04.21 22:04:59 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{C0D0A311-38AB-48A7-A92E-7BFB24A540C2}.job
[2011.06.18 07:51:03 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{CD3A5803-3BC5-43D3-B22D-4BBD59F0ACC7}.job
[2011.09.03 06:46:44 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{E6A15DB2-09B9-47EA-B1F3-B88CA9F237F0}.job
[2011.07.30 20:10:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{EE90ECB5-4EEA-4167-A87D-01098557302F}.job
[2011.08.06 09:29:05 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{F46FE655-8674-45CB-A0C1-D1F2BBF35F05}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.04.10 08:12:54 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Adobe
[2011.10.28 19:53:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Apple Computer
[2011.12.22 20:12:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ashampoo
[2011.04.09 20:17:37 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\ATI
[2011.04.25 17:09:21 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\ATViewer
[2011.12.03 11:14:23 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Canon
[2011.04.10 07:00:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Corel
[2011.11.11 21:00:58 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DAEMON Tools Lite
[2011.07.20 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Degener
[2012.01.01 10:18:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox
[2011.07.09 16:36:41 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoft
[2011.07.03 13:03:02 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.10 11:49:27 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\FastStone
[2011.05.09 11:29:34 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\GoodSync
[2011.12.04 18:05:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\gtk-2.0
[2011.04.09 18:52:10 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Identities
[2011.08.06 13:53:46 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\InstallShield
[2011.06.11 07:15:45 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Intel
[2011.04.21 22:06:50 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Jumping Bytes
[2011.04.09 20:39:57 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Macromedia
[2011.08.06 14:02:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MAGIX
[2011.12.29 18:12:57 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Media Center Programs
[2011.07.22 08:07:47 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Media Player Classic
[2011.07.19 11:12:01 | 000,000,000 | --SD | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft
[2012.01.01 09:07:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla
[2011.12.28 08:27:32 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Mp3tag
[2011.07.22 07:52:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\MusicBrainz
[2011.05.01 07:13:08 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\NetDrive
[2011.08.13 13:29:09 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Nokia
[2011.10.20 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Origin
[2011.04.16 09:38:43 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PC Suite
[2011.09.09 18:57:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\pdfforge
[2011.04.17 01:17:29 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\PersBackup5
[2011.04.10 07:57:46 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\r2 Studios
[2011.05.29 05:49:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung
[2011.05.01 07:31:39 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Scooter Software
[2011.12.22 22:37:11 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Skype
[2011.06.17 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\skypePM
[2011.07.09 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\TeamViewer
[2011.11.22 15:34:42 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Ubisoft
[2011.07.19 07:34:01 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\Vso
[2011.04.09 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\Norbert das Notebook\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.07.19 07:34:01 | 000,099,384 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\inst.exe
[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 20:17:50 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.11 06:19:49 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.04.10 07:22:17 | 000,003,262 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2011.04.10 07:22:17 | 000,010,134 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2011.08.06 13:27:51 | 000,010,134 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{B375D641-9644-E4F6-963C-8CB3097C9F02}\ARPPRODUCTICON.exe
[2011.04.14 20:06:34 | 000,010,134 | R--- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.12.08 02:33:24 | 000,935,824 | ---- | M] (Samsung) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.12.08 02:33:28 | 000,278,928 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.11.29 08:44:38 | 000,292,864 | ---- | M] (Samsung) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.12.08 02:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.11.29 08:40:26 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.11.29 08:40:26 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.12.06 08:35:14 | 000,691,712 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.11.29 08:40:26 | 000,110,080 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ErrorReport.exe
[2011.12.08 02:33:30 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.12.06 08:35:10 | 000,106,408 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.12.06 08:35:10 | 000,101,288 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.12.08 02:33:34 | 000,131,984 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.12.08 02:33:36 | 003,569,984 | ---- | M] (Freeware) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.11.29 08:37:46 | 024,114,392 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.12.08 02:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.27 15:21:22 | 000,371,088 | ---- | M] (ml) -- C:\Users\Norbert das Notebook\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:A18D1A5B

< End of report >

Thank you very much for your help. :)

cosinus 02.01.2012 12:17

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Norbert das Notebook\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bits21.de/63_Home.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 0F 81 AB EC 28 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "https://encrypted.google.com/webhp?hl=de"
[2011.12.23 19:40:35 | 000,000,000 | ---D | M] ([verify-U]-Add-on) -- C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de
[2011.11.17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\searchplugins\askcom.xml
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG)
O4 - HKCU..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
[2011.09.30 17:40:09 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job
[2011.06.18 07:50:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{0993BFD3-6844-4CCE-978C-3761ADD0B58E}.job
[2011.09.03 06:42:04 | 000,000,628 | ---- | M] () -- C:\Windows\Tasks\{1D33F353-784C-44D5-A9A0-2323EC750121}.job
[2011.08.06 09:27:10 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{23E5264E-94F3-4575-AA22-91F5822E4175}.job
[2011.09.18 12:17:14 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\{29ABF350-98FF-42FB-B6F5-09EFCF6E66BB}.job
[2011.10.14 10:44:33 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{2F6AB046-E358-489E-ACC2-6AE56B7781F0}.job
[2011.08.27 13:28:41 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{5E90278D-2B9F-478A-B64A-9E259072B350}.job
[2011.09.18 12:21:20 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{9D0E06D3-C552-4855-8ECB-40B04963E012}.job
[2011.05.29 05:59:21 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{BC6E7F5F-006F-4E8F-AFE9-E0F75E545417}.job
[2011.04.21 22:04:59 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{C0D0A311-38AB-48A7-A92E-7BFB24A540C2}.job
[2011.06.18 07:51:03 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{CD3A5803-3BC5-43D3-B22D-4BBD59F0ACC7}.job
[2011.09.03 06:46:44 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{E6A15DB2-09B9-47EA-B1F3-B88CA9F237F0}.job
[2011.07.30 20:10:04 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{EE90ECB5-4EEA-4167-A87D-01098557302F}.job
[2011.08.06 09:29:05 | 000,000,198 | ---- | M] () -- C:\Windows\Tasks\{F46FE655-8674-45CB-A0C1-D1F2BBF35F05}.job
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:A18D1A5B
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted outright; as a safety measure a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!

bersdod 02.01.2012 12:55

I ran your script, the log is attached. I don't really understand what it does yet, though. :) I just have to trust you blindly. :crazy:

I could only disable the Avast virus scanner. After ending the processes they were always restarted again right away.

Did you actually find anything?

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default Download Directory| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultengine
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.openintab
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "https://encrypted.google.com/webhp?hl=de" removed from browser.startup.homepage
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\skin\img folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\skin folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\locale\de-DE folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\locale folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de\content folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\mozilla\Firefox\Profiles\szj9kw3a.default\extensions\verify-u_2@cybits.de folder moved successfully.
C:\Users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\searchplugins\askcom.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Programme\Java\jre7\bin\jp2ssv.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
C:\Programme\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4552A56-119C-478E-AB3F-2C850F78B72E}\ deleted successfully.
C:\Program Files (x86)\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ not found.
File H:\autorun.exe not found.
C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job moved successfully.
C:\Windows\Tasks\{0993BFD3-6844-4CCE-978C-3761ADD0B58E}.job moved successfully.
C:\Windows\Tasks\{1D33F353-784C-44D5-A9A0-2323EC750121}.job moved successfully.
C:\Windows\Tasks\{23E5264E-94F3-4575-AA22-91F5822E4175}.job moved successfully.
C:\Windows\Tasks\{29ABF350-98FF-42FB-B6F5-09EFCF6E66BB}.job moved successfully.
C:\Windows\Tasks\{2F6AB046-E358-489E-ACC2-6AE56B7781F0}.job moved successfully.
C:\Windows\Tasks\{5E90278D-2B9F-478A-B64A-9E259072B350}.job moved successfully.
C:\Windows\Tasks\{9D0E06D3-C552-4855-8ECB-40B04963E012}.job moved successfully.
C:\Windows\Tasks\{BC6E7F5F-006F-4E8F-AFE9-E0F75E545417}.job moved successfully.
C:\Windows\Tasks\{C0D0A311-38AB-48A7-A92E-7BFB24A540C2}.job moved successfully.
C:\Windows\Tasks\{CD3A5803-3BC5-43D3-B22D-4BBD59F0ACC7}.job moved successfully.
C:\Windows\Tasks\{E6A15DB2-09B9-47EA-B1F3-B88CA9F237F0}.job moved successfully.
C:\Windows\Tasks\{EE90ECB5-4EEA-4167-A87D-01098557302F}.job moved successfully.
C:\Windows\Tasks\{F46FE655-8674-45CB-A0C1-D1F2BBF35F05}.job moved successfully.
ADS C:\ProgramData\TEMP:A18D1A5B deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Norbert das Notebook
->Temp folder emptied: 417248 bytes
->Temporary Internet Files folder emptied: 9095167 bytes
->Java cache emptied: 897444 bytes
->FireFox cache emptied: 54214090 bytes
->Flash cache emptied: 56967 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23426319 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 748 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 84,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01022012_124515

Files\Folders moved on Reboot...
C:\Users\Norbert das Notebook\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

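To make the OTL fix log above easier to read, here is an added example (not OTL's or the board's own code) in Python that parses the result lines into actions and summarizes what the fix changed: values (re)set, registry keys deleted, BHO CLSIDs removed, files and scheduled tasks moved, and whether the HOSTS file was reset. The log excerpt inside it is constructed from a few lines of the posted log; the pattern names are assumptions for this example.

```python
import re
from collections import Counter

# Constructed excerpt (not the full log above) in the line format OTL writes
# after a fix script; the paths and CLSIDs are copied from the posted log.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.order.1
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c054dc40-62e3-11e0-a501-806e6f6e6963}\ not found.
File H:\autorun.exe not found.
C:\Windows\Tasks\{096AF312-8FC6-44BF-92BF-CE111AF67655}.job moved successfully.
ADS C:\ProgramData\TEMP:A18D1A5B deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
Total Files Cleaned = 84,00 mb
HOSTS file reset successfully
"""

# One (action name, regex) pair per kind of result line OTL prints.
# The action names are this example's own labels, not OTL terminology.
ACTION_PATTERNS = [
    ("registry_key_deleted",
     re.compile(r"^(?:64bit-)?Registry key (?P<target>.+?)\\? deleted successfully\.$")),
    ("registry_value_deleted",
     re.compile(r"^Registry value (?P<target>.+?) deleted successfully\.$")),
    ("registry_value_set",
     re.compile(r"^(?P<target>HK[A-Z_]+\\.+?)\|(?P<data>[^/]*) /E : value set successfully!$")),
    ("prefs_removed",
     re.compile(r'^Prefs\.js: (?P<data>.+?) removed from (?P<target>\S+)$')),
    ("file_moved",
     re.compile(r"^(?P<target>[A-Z]:\\.+?) (?:folder )?moved successfully\.$")),
    ("ads_deleted",
     re.compile(r"^ADS (?P<target>.+?) deleted successfully\.$")),
    ("not_found",
     re.compile(r"^(?:File |(?:64bit-)?Registry key )(?P<target>.+?)\\? not found\.$")),
    ("hosts_reset", re.compile(r"^HOSTS file reset successfully$")),
    ("temp_cleaned", re.compile(r"^Total Files Cleaned = (?P<data>.+)$")),
]

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_otl_log(text):
    """Turn each OTL result line into a dict {action, target, data, raw}.

    Section markers (=====) and [COMMAND] lines are skipped; lines no pattern
    recognises are kept with action=None so nothing is silently dropped.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=====") or (line.startswith("[") and line.endswith("]")):
            continue
        for action, pattern in ACTION_PATTERNS:
            m = pattern.match(line)
            if m:
                gd = m.groupdict()
                entries.append({"action": action, "target": gd.get("target"),
                                "data": gd.get("data"), "raw": line})
                break
        else:
            entries.append({"action": None, "target": None, "data": None, "raw": line})
    return entries


def summarize(entries):
    """Aggregate parsed entries into the questions a reader of the log asks."""
    counts = Counter(e["action"] for e in entries if e["action"])
    bho_clsids = []
    for e in entries:
        if e["action"] == "registry_key_deleted" and "Browser Helper Objects" in e["target"]:
            m = CLSID_RE.search(e["target"])
            if m:
                bho_clsids.append(m.group(0))
    tasks = [e["target"] for e in entries
             if e["action"] == "file_moved" and "\\Windows\\Tasks\\" in e["target"]]
    # Last path component of the value name -> data written ("(empty)" when OTL wrote none).
    values = {e["target"].rsplit("\\", 1)[-1]: e["data"] or "(empty)"
              for e in entries if e["action"] == "registry_value_set"}
    return {
        "counts": dict(counts),
        "bho_clsids": bho_clsids,
        "scheduled_tasks_moved": tasks,
        "values_set": values,
        "hosts_reset": counts["hosts_reset"] > 0,
        "unmatched": [e["raw"] for e in entries if e["action"] is None],
    }


if __name__ == "__main__":
    summary = summarize(parse_otl_log(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```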

cosinus 02.01.2012 14:13

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click on Start Scan and, once it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

bersdod 02.01.2012 14:36

The report, as requested. :) But it doesn't find anything either.

Edit: In my opinion I don't need unhide; as far as I know I can access everything. Or should I run it anyway as a precaution?

Code:

14:21:10.0776 2180        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
14:21:10.0999 2180        ============================================================
14:21:11.0000 2180        Current date / time: 2012/01/02 14:21:10.0999
14:21:11.0000 2180        SystemInfo:
14:21:11.0000 2180       
14:21:11.0000 2180        OS Version: 6.1.7601 ServicePack: 1.0
14:21:11.0000 2180        Product type: Workstation
14:21:11.0000 2180        ComputerName: NORBERTDASNOTEB
14:21:11.0001 2180        UserName: Norbert das Notebook
14:21:11.0001 2180        Windows directory: C:\Windows
14:21:11.0001 2180        System windows directory: C:\Windows
14:21:11.0001 2180        Running under WOW64
14:21:11.0001 2180        Processor architecture: Intel x64
14:21:11.0001 2180        Number of processors: 2
14:21:11.0001 2180        Page size: 0x1000
14:21:11.0001 2180        Boot type: Normal boot
14:21:11.0001 2180        ============================================================
14:21:11.0985 2180        Initialize success
14:23:40.0730 5524        ============================================================
14:23:40.0730 5524        Scan started
14:23:40.0730 5524        Mode: Manual; SigCheck; TDLFS;
14:23:40.0730 5524        ============================================================
14:23:41.0058 5524        1394ohci - ok
14:23:41.0074 5524        ACPI - ok
14:23:41.0074 5524        AcpiPmi - ok
14:23:41.0089 5524        adp94xx - ok
14:23:41.0105 5524        adpahci - ok
14:23:41.0105 5524        adpu320 - ok
14:23:41.0120 5524        AFD - ok
14:23:41.0136 5524        agp440 - ok
14:23:41.0136 5524        aliide - ok
14:23:41.0152 5524        amdide - ok
14:23:41.0167 5524        AmdK8 - ok
14:23:41.0167 5524        AmdPPM - ok
14:23:41.0183 5524        amdsata - ok
14:23:41.0183 5524        amdsbs - ok
14:23:41.0183 5524        amdxata - ok
14:23:41.0214 5524        androidusb - ok
14:23:41.0245 5524        AnyDVD - ok
14:23:41.0261 5524        ApfiltrService - ok
14:23:41.0276 5524        AppID - ok
14:23:41.0292 5524        arc - ok
14:23:41.0292 5524        arcsas - ok
14:23:41.0323 5524        aswFsBlk - ok
14:23:41.0323 5524        aswMonFlt - ok
14:23:41.0339 5524        aswRdr - ok
14:23:41.0339 5524        aswSnx - ok
14:23:41.0339 5524        aswSP - ok
14:23:41.0354 5524        aswTdi - ok
14:23:41.0354 5524        AsyncMac - ok
14:23:41.0354 5524        atapi - ok
14:23:41.0370 5524        atikmdag - ok
14:23:41.0386 5524        b06bdrv - ok
14:23:41.0401 5524        b57nd60a - ok
14:23:41.0417 5524        Beep - ok
14:23:41.0448 5524        blbdrive - ok
14:23:41.0448 5524        bowser - ok
14:23:41.0464 5524        BrFiltLo - ok
14:23:41.0464 5524        BrFiltUp - ok
14:23:41.0464 5524        Brserid - ok
14:23:41.0479 5524        BrSerWdm - ok
14:23:41.0479 5524        BrUsbMdm - ok
14:23:41.0495 5524        BrUsbSer - ok
14:23:41.0510 5524        BthEnum - ok
14:23:41.0510 5524        BTHMODEM - ok
14:23:41.0526 5524        BthPan - ok
14:23:41.0542 5524        BTHPORT - ok
14:23:41.0557 5524        BTHUSB - ok
14:23:41.0573 5524        BTWAMPFL - ok
14:23:41.0573 5524        btwaudio - ok
14:23:41.0588 5524        btwavdt - ok
14:23:41.0604 5524        btwl2cap - ok
14:23:41.0604 5524        btwrchid - ok
14:23:41.0620 5524        cdfs - ok
14:23:41.0620 5524        cdrom - ok
14:23:41.0635 5524        circlass - ok
14:23:41.0635 5524        CLFS - ok
14:23:41.0666 5524        CmBatt - ok
14:23:41.0666 5524        cmdide - ok
14:23:41.0666 5524        CNG - ok
14:23:41.0682 5524        Compbatt - ok
14:23:41.0682 5524        CompositeBus - ok
14:23:41.0698 5524        crcdisk - ok
14:23:41.0713 5524        CSC - ok
14:23:41.0729 5524        DfsC - ok
14:23:41.0744 5524        dg_ssudbus - ok
14:23:41.0744 5524        discache - ok
14:23:41.0760 5524        Disk - ok
14:23:41.0776 5524        drmkaud - ok
14:23:41.0791 5524        dtsoftbus01 - ok
14:23:41.0807 5524        DXGKrnl - ok
14:23:41.0807 5524        ebdrv - ok
14:23:41.0838 5524        ElbyCDIO - ok
14:23:41.0854 5524        elxstor - ok
14:23:41.0869 5524        ErrDev - ok
14:23:41.0885 5524        exfat - ok
14:23:41.0885 5524        fastfat - ok
14:23:41.0900 5524        fdc - ok
14:23:41.0932 5524        FileInfo - ok
14:23:41.0932 5524        Filetrace - ok
14:23:41.0947 5524        flpydisk - ok
14:23:41.0963 5524        FltMgr - ok
14:23:41.0978 5524        FsDepends - ok
14:23:41.0978 5524        Fs_Rec - ok
14:23:41.0994 5524        fvevol - ok
14:23:41.0994 5524        gagp30kx - ok
14:23:42.0025 5524        hamachi - ok
14:23:42.0056 5524        hcw85cir - ok
14:23:42.0088 5524        HdAudAddService - ok
14:23:42.0103 5524        HDAudBus - ok
14:23:42.0103 5524        HidBatt - ok
14:23:42.0103 5524        HidBth - ok
14:23:42.0119 5524        HidIr - ok
14:23:42.0134 5524        HidUsb - ok
14:23:42.0166 5524        HpSAMD - ok
14:23:42.0166 5524        HTTP - ok
14:23:42.0166 5524        hwpolicy - ok
14:23:42.0181 5524        i8042prt - ok
14:23:42.0181 5524        iaStorV - ok
14:23:42.0197 5524        iirsp - ok
14:23:42.0212 5524        IntcAzAudAddService - ok
14:23:42.0228 5524        intelide - ok
14:23:42.0275 5524        intelppm - ok
14:23:42.0290 5524        IpFilterDriver - ok
14:23:42.0306 5524        IPMIDRV - ok
14:23:42.0306 5524        IPNAT - ok
14:23:42.0322 5524        IRENUM - ok
14:23:42.0337 5524        isapnp - ok
14:23:42.0337 5524        iScsiPrt - ok
14:23:42.0368 5524        kbdclass - ok
14:23:42.0384 5524        kbdhid - ok
14:23:42.0400 5524        KSecDD - ok
14:23:42.0400 5524        KSecPkg - ok
14:23:42.0415 5524        ksthunk - ok
14:23:42.0462 5524        lltdio - ok
14:23:42.0493 5524        LSI_FC - ok
14:23:42.0493 5524        LSI_SAS - ok
14:23:42.0524 5524        LSI_SAS2 - ok
14:23:42.0540 5524        LSI_SCSI - ok
14:23:42.0602 5524        luafv - ok
14:23:42.0727 5524        megasas - ok
14:23:42.0743 5524        MegaSR - ok
14:23:42.0743 5524        Modem - ok
14:23:42.0758 5524        monitor - ok
14:23:42.0774 5524        mouclass - ok
14:23:42.0790 5524        mouhid - ok
14:23:42.0790 5524        mountmgr - ok
14:23:42.0790 5524        mpio - ok
14:23:42.0821 5524        mpsdrv - ok
14:23:42.0821 5524        MRxDAV - ok
14:23:42.0836 5524        mrxsmb - ok
14:23:42.0836 5524        mrxsmb10 - ok
14:23:42.0852 5524        mrxsmb20 - ok
14:23:42.0852 5524        msahci - ok
14:23:42.0852 5524        msdsm - ok
14:23:42.0883 5524        Msfs - ok
14:23:42.0883 5524        mshidkmdf - ok
14:23:42.0899 5524        msisadrv - ok
14:23:42.0914 5524        MSKSSRV - ok
14:23:42.0914 5524        MSPCLOCK - ok
14:23:42.0930 5524        MSPQM - ok
14:23:42.0930 5524        MsRPC - ok
14:23:42.0930 5524        mssmbios - ok
14:23:42.0946 5524        MSTEE - ok
14:23:42.0946 5524        MTConfig - ok
14:23:42.0961 5524        Mup - ok
14:23:43.0024 5524        NativeWifiP - ok
14:23:43.0024 5524        NDIS - ok
14:23:43.0039 5524        NdisCap - ok
14:23:43.0039 5524        NdisTapi - ok
14:23:43.0039 5524        Ndisuio - ok
14:23:43.0055 5524        NdisWan - ok
14:23:43.0055 5524        NDProxy - ok
14:23:43.0070 5524        NetBIOS - ok
14:23:43.0070 5524        NetBT - ok
14:23:43.0102 5524        netw5v64 - ok
14:23:43.0117 5524        NETwNs64 - ok
14:23:43.0133 5524        nfrd960 - ok
14:23:43.0180 5524        nmwcd - ok
14:23:43.0195 5524        nmwcdc - ok
14:23:43.0226 5524        nmwcdnsucx64 - ok
14:23:43.0242 5524        nmwcdnsux64 - ok
14:23:43.0242 5524        Npfs - ok
14:23:43.0242 5524        nsiproxy - ok
14:23:43.0258 5524        Ntfs - ok
14:23:43.0258 5524        Null - ok
14:23:43.0273 5524        nvraid - ok
14:23:43.0273 5524        nvstor - ok
14:23:43.0289 5524        nv_agp - ok
14:23:43.0304 5524        ohci1394 - ok
14:23:43.0320 5524        Parport - ok
14:23:43.0320 5524        partmgr - ok
14:23:43.0336 5524        pccsmcfd - ok
14:23:43.0336 5524        pci - ok
14:23:43.0336 5524        pciide - ok
14:23:43.0351 5524        pcmcia - ok
14:23:43.0351 5524        pcouffin - ok
14:23:43.0351 5524        pcw - ok
14:23:43.0367 5524        PEAUTH - ok
14:23:43.0398 5524        PptpMiniport - ok
14:23:43.0414 5524        Processor - ok
14:23:43.0429 5524        Psched - ok
14:23:43.0445 5524        ql2300 - ok
14:23:43.0445 5524        ql40xx - ok
14:23:43.0460 5524        QWAVEdrv - ok
14:23:43.0460 5524        RasAcd - ok
14:23:43.0460 5524        RasAgileVpn - ok
14:23:43.0476 5524        Rasl2tp - ok
14:23:43.0476 5524        RasPppoe - ok
14:23:43.0492 5524        RasSstp - ok
14:23:43.0492 5524        rdbss - ok
14:23:43.0492 5524        rdpbus - ok
14:23:43.0507 5524        RDPCDD - ok
14:23:43.0507 5524        RDPDR - ok
14:23:43.0523 5524        RDPENCDD - ok
14:23:43.0523 5524        RDPREFMP - ok
14:23:43.0538 5524        RdpVideoMiniport - ok
14:23:43.0554 5524        RDPWD - ok
14:23:43.0570 5524        rdyboost - ok
14:23:43.0570 5524        regi - ok
14:23:43.0616 5524        Revoflt - ok
14:23:43.0632 5524        RFCOMM - ok
14:23:43.0632 5524        rimsptsk - ok
14:23:43.0648 5524        rspndr - ok
14:23:43.0663 5524        RTHDMIAzAudService - ok
14:23:43.0663 5524        s3cap - ok
14:23:43.0679 5524        SbieDrv - ok
14:23:43.0679 5524        sbp2port - ok
14:23:43.0694 5524        scfilter - ok
14:23:43.0726 5524        SCLx64 - ok
14:23:43.0819 5524        sdbus - ok
14:23:43.0819 5524        secdrv - ok
14:23:43.0835 5524        Serenum - ok
14:23:43.0850 5524        Serial - ok
14:23:43.0850 5524        sermouse - ok
14:23:43.0928 5524        SFEP - ok
14:23:43.0944 5524        sffdisk - ok
14:23:43.0944 5524        sffp_mmc - ok
14:23:43.0944 5524        sffp_sd - ok
14:23:43.0960 5524        sfloppy - ok
14:23:43.0975 5524        SiSRaid2 - ok
14:23:43.0975 5524        SiSRaid4 - ok
14:23:43.0991 5524        Smb - ok
14:23:44.0006 5524        spldr - ok
14:23:44.0022 5524        sptd - ok
14:23:44.0022 5524        srv - ok
14:23:44.0038 5524        srv2 - ok
14:23:44.0038 5524        SrvHsfHDA - ok
14:23:44.0053 5524        SrvHsfV92 - ok
14:23:44.0053 5524        SrvHsfWinac - ok
14:23:44.0053 5524        srvnet - ok
14:23:44.0069 5524        ssadbus - ok
14:23:44.0084 5524        ssadmdfl - ok
14:23:44.0100 5524        ssadmdm - ok
14:23:44.0116 5524        ssudmdm - ok
14:23:44.0131 5524        stexstor - ok
14:23:44.0147 5524        storflt - ok
14:23:44.0147 5524        storvsc - ok
14:23:44.0162 5524        swenum - ok
14:23:44.0162 5524        Synth3dVsc - ok
14:23:44.0178 5524        Tcpip - ok
14:23:44.0194 5524        TCPIP6 - ok
14:23:44.0209 5524        tcpipreg - ok
14:23:44.0209 5524        TDPIPE - ok
14:23:44.0209 5524        TDTCP - ok
14:23:44.0240 5524        tdx - ok
14:23:44.0256 5524        teamviewervpn - ok
14:23:44.0256 5524        TermDD - ok
14:23:44.0287 5524        tssecsrv - ok
14:23:44.0287 5524        TsUsbFlt - ok
14:23:44.0303 5524        tsusbhub - ok
14:23:44.0318 5524        tunnel - ok
14:23:44.0318 5524        uagp35 - ok
14:23:44.0318 5524        udfs - ok
14:23:44.0365 5524        uliagpkx - ok
14:23:44.0381 5524        umbus - ok
14:23:44.0381 5524        UmPass - ok
14:23:44.0428 5524        UnlockerDriver5 - ok
14:23:44.0443 5524        upperdev - ok
14:23:44.0474 5524        usbaudio - ok
14:23:44.0474 5524        usbccgp - ok
14:23:44.0490 5524        usbcir - ok
14:23:44.0490 5524        usbehci - ok
14:23:44.0506 5524        usbhub - ok
14:23:44.0506 5524        usbohci - ok
14:23:44.0506 5524        usbprint - ok
14:23:44.0537 5524        usbser - ok
14:23:44.0537 5524        UsbserFilt - ok
14:23:44.0537 5524        USBSTOR - ok
14:23:44.0552 5524        usbuhci - ok
14:23:44.0552 5524        usbvideo - ok
14:23:44.0568 5524        vdrvroot - ok
14:23:44.0584 5524        vga - ok
14:23:44.0584 5524        VgaSave - ok
14:23:44.0584 5524        VGPU - ok
14:23:44.0599 5524        vhdmp - ok
14:23:44.0599 5524        viaide - ok
14:23:44.0599 5524        vmbus - ok
14:23:44.0615 5524        VMBusHID - ok
14:23:44.0615 5524        volmgr - ok
14:23:44.0646 5524        volmgrx - ok
14:23:44.0646 5524        volsnap - ok
14:23:44.0646 5524        vpcbus - ok
14:23:44.0662 5524        vpcnfltr - ok
14:23:44.0662 5524        vpcusb - ok
14:23:44.0677 5524        vpcvmm - ok
14:23:44.0677 5524        vsmraid - ok
14:23:44.0693 5524        vwifibus - ok
14:23:44.0708 5524        VWiFiFlt - ok
14:23:44.0724 5524        vwifimp - ok
14:23:44.0740 5524        WacomPen - ok
14:23:44.0740 5524        WANARP - ok
14:23:44.0755 5524        Wanarpv6 - ok
14:23:44.0771 5524        Wd - ok
14:23:44.0786 5524        Wdf01000 - ok
14:23:44.0802 5524        WfpLwf - ok
14:23:44.0818 5524        WIMMount - ok
14:23:44.0864 5524        WinUsb - ok
14:23:44.0880 5524        WmiAcpi - ok
14:23:44.0911 5524        ws2ifsl - ok
14:23:44.0927 5524        WudfPf - ok
14:23:44.0927 5524        WUDFRd - ok
14:23:44.0958 5524        yukonw7 - ok
14:23:44.0989 5524        [verify-U]_System - ok
14:23:45.0083 5524        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:23:45.0254 5524        \Device\Harddisk0\DR0 - ok
14:23:45.0254 5524        ============================================================
14:23:45.0254 5524        Scan finished
14:23:45.0254 5524        ============================================================
14:23:45.0270 0924        Detected object count: 0
14:23:45.0270 0924        Actual detected object count: 0


cosinus 02.01.2012 14:37

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

bersdod 02.01.2012 15:17

Said and done.

Code:

ComboFix 12-01-02.01 - Norbert das Notebook 02.01.2012  14:57:16.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3069.1997 [GMT 1:00]
ausgeführt von:: c:\users\Norbert das Notebook\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Norbert das Notebook\AppData\Local\lame_enc.dll
c:\users\Norbert das Notebook\AppData\Local\no23xwrapper.dll
c:\users\Norbert das Notebook\AppData\Local\ogg.dll
c:\users\Norbert das Notebook\AppData\Local\vorbis.dll
c:\users\Norbert das Notebook\AppData\Local\vorbisenc.dll
c:\users\Norbert das Notebook\AppData\Local\vorbisfile.dll
c:\users\Norbert das Notebook\AppData\Roaming\inst.exe
c:\users\Norbert das Notebook\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\java.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))
.
.
2012-01-02 14:04 . 2012-01-02 14:04        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-02 11:45 . 2012-01-02 11:45        --------        d-----w-        C:\_OTL
2011-12-31 13:49 . 2011-12-31 13:53        --------        d-----w-        C:\...Browser
2011-12-31 11:11 . 2011-12-31 11:11        --------        d-----w-        c:\programdata\SUPERSetup
2011-12-31 11:09 . 2011-12-07 18:37        148992        ----a-w-        c:\windows\system32\lagarith.dll
2011-12-31 11:09 . 2011-03-02 11:43        203264        ----a-w-        c:\windows\system32\unrar.dll
2011-12-31 11:09 . 2011-12-29 18:00        92160        ----a-w-        c:\windows\system32\ff_vfw.dll
2011-12-31 11:09 . 2011-12-31 11:09        --------        d-----w-        c:\program files\K-Lite Codec Pack x64
2011-12-31 10:45 . 2011-12-08 04:22        98616        ----a-w-        c:\windows\system32\drivers\ssudbus.sys
2011-12-31 10:45 . 2011-12-08 04:22        203320        ----a-w-        c:\windows\system32\drivers\ssudmdm.sys
2011-12-29 17:12 . 2011-12-29 17:12        --------        d-----w-        c:\users\Norbert das Notebook\AppData\Roaming\Malwarebytes
2011-12-29 17:12 . 2011-12-29 17:12        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-28 17:10 . 2011-12-28 17:10        --------        d-----w-        c:\program files (x86)\Trend Micro
2011-12-23 17:54 . 2011-12-23 17:54        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-23 17:54 . 2011-12-23 17:54        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-23 17:54 . 2011-12-23 17:54        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-23 17:54 . 2011-12-23 17:54        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-22 17:56 . 2011-12-22 17:56        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2011-12-17 14:45 . 2011-12-17 14:45        --------        d-----w-        c:\program files\Tracker Software
2011-12-16 21:57 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-16 21:57 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-16 21:57 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-16 21:57 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-16 21:57 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-16 21:57 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-16 21:35 . 2011-12-16 21:35        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll
2011-12-16 21:35 . 2011-12-16 21:35        --------        d-----w-        c:\program files\Java
2011-12-16 21:35 . 2011-12-16 21:35        --------        d-----w-        c:\program files (x86)\Common Files\Java
2011-12-16 21:34 . 2011-12-16 21:34        637848        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2011-12-16 21:34 . 2011-12-16 21:34        --------        d-----w-        c:\program files (x86)\Java
2011-12-13 08:35 . 2011-12-13 08:35        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2011-12-04 21:23 . 2011-12-04 21:23        138872        ----a-w-        c:\windows\SysWow64\drivers\AnyDVD.sys
2011-12-04 21:23 . 2011-12-04 21:23        138872        ----a-w-        c:\windows\system32\drivers\AnyDVD.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 06:43 . 2011-04-10 06:00        2828        --sha-w-        c:\programdata\KGyGaAvL.sys
2011-12-16 21:35 . 2011-04-09 20:15        660368        ----a-w-        c:\windows\system32\deployJava1.dll
2011-12-16 21:34 . 2011-04-09 20:14        567184        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2011-11-28 18:01 . 2011-04-09 19:25        41184        ----a-w-        c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-04-09 19:25        199816        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-04-09 19:26        256960        ----a-w-        c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-04-09 19:26        591192        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-04-09 19:26        304472        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-04-09 19:26        42328        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-04-09 19:26        58712        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-04-09 19:26        66904        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-04-09 19:26        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2011-11-11 18:17 . 2011-11-11 18:17        279616        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-11 18:14 . 2011-04-09 19:55        530488        ----a-w-        c:\windows\system32\drivers\sptd.sys
2011-11-11 05:19 . 2011-10-07 05:41        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 12:29 . 2011-10-24 12:29        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 12:29 . 2011-10-24 12:29        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-12-30 5598840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"StartupDelayer"="c:\program files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" [2009-03-08 73728]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
.
c:\users\Norbert das Notebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart.lnk - c:\programdata\Microsoft\Windows\Start Menu\Programs\Systemprogramme\Sonstiges\Programm_Beenden.bat [2011-7-10 439]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-25 1137952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R2 mcShoutCastECommerceService;mcShoutCastECommerceService;c:\program files\mcShoutCast\mcShoutCastECommerceService.exe [2011-03-29 8192]
R2 mcShoutCastLauraFM;mcShoutCastLauraFM;c:\program files\mcShoutCast\ShoutCastLauraFMService.exe [2011-03-29 7680]
R2 mcShoutCastProxy;mcShoutCastProxy;c:\program files\mcShoutCast\ShoutCastProxyService.exe [2011-03-29 66560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SCLx64;SCL010 Contactless Reader;c:\windows\system32\DRIVERS\SCLx64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-04-09 189984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 19059951
*Deregistered* - 19059951
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-31 c:\windows\Tasks\elbyExecuteWithUAC.job
- c:\program files (x86)\SlySoft\AnyDVD\ExecuteWithUAC.exe [2008-06-27 19:26]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8d54e0ef6e7d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 14:44]
.
2011-07-11 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2011-04-09 03:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01        134384        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Norbert das Notebook\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-03-13 152576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Norbert das Notebook\AppData\Roaming\Mozilla\Firefox\Profiles\szj9kw3a.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-tulox - c:\program files (x86)\tulox\Unwise32
.
.
"ImagePath"="system32\drivers\
[verify-U]-driver.sys"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\[verify-U]_System]
"ImagePath"="system32\drivers\
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-02  15:09:31
ComboFix-quarantined-files.txt  2012-01-02 14:09
.
Vor Suchlauf: 15 Verzeichnis(se), 36.672.520.192 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 36.499.148.800 Bytes frei
.
- - End Of File - - 3FA933B8A3812978EE2100C73814DB7F


cosinus 02.01.2012 15:32

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR by right-clicking it and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: do not press any of the Fix buttons without being instructed to. Note: if the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

bersdod 02.01.2012 16:59

Here is the log from aswMBR. It was run as a quick scan; I hope that's OK. :)

Code:

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-02 16:54:16
-----------------------------
16:54:16.093    OS Version: Windows x64 6.1.7601 Service Pack 1
16:54:16.093    Number of processors: 2 586 0xF0D
16:54:16.095    ComputerName: NORBERTDASNOTEB  UserName:
16:54:16.450    Initialize success
16:54:16.513    AVAST engine defs: 12010200
16:55:26.718    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:55:26.718    Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 00000009 Size: 238475MB BusType: 11
16:55:26.718    Disk 1  \Device\Harddisk1\SR0 -> \Device\SdBus-0
16:55:26.733    Disk 1 Vendor: (  Size: 3854MB BusType: 12
16:55:26.733    Disk 2  \Device\Harddisk2\DR1 -> \Device\00000074
16:55:26.733    Disk 2 Vendor: RICOH 02 Size: 3854MB BusType: 0
16:55:26.765    Disk 0 MBR read successfully
16:55:26.765    Disk 0 MBR scan
16:55:26.765    Disk 0 Windows 7 default MBR code
16:55:26.765    Disk 0 Partition 1 00    42          SFS                0 MB offset 63
16:55:26.780    Disk 0 Partition 2 00    27 Hidden NTFS WinRE NTFS        11485 MB offset 2048
16:55:26.796    Disk 0 Partition 3 80 (A) 42          SFS NTFS          100 MB offset 23523328
16:55:26.811    Disk 0 Partition 4 00    42          SFS NTFS      114188 MB offset 23728128
16:55:26.827    Service scanning
16:55:28.699    Modules scanning
16:55:28.699    Disk 0 trace - called modules:
16:55:28.699    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:55:28.715    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033f4400]
16:55:28.715    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002f72260]
16:55:29.105    AVAST engine scan C:\Windows
16:55:29.105    AVAST engine scan C:\Windows\system32
16:55:29.120    AVAST engine scan C:\Windows\system32\drivers
16:55:29.120    AVAST engine scan C:\Users\Norbert das Notebook
16:55:29.136    AVAST engine scan C:\ProgramData
16:55:29.136    Scan finished successfully
16:55:47.138    Disk 0 MBR has been saved successfully to "C:\Users\Norbert das Notebook\Desktop\MBR.dat"
16:55:47.138    The log file has been saved successfully to "C:\Users\Norbert das Notebook\Desktop\aswMBR.txt"




Copyright ©2000-2025, Trojaner-Board

