1. TeaTimer deactivated (I thought turning off the real-time scan would be enough)
2. defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:22 on 05/06/2012 (murxx)   
Checking for autostart values... 
HKCU\~\Run values retrieved. 
HKLM\~\Run values retrieved.   
Checking for services/drivers... 
SPTD -> Already disabled     
-=E.O.F=-

3. AdwCleaner:
Code:
# AdwCleaner v1.608 - Logfile created 06/05/2012 at 14:19:57
# Updated 27/05/2012 by Xplode 
# Operating system : Windows 7 Professional Service Pack 1 (32 bits) 
# User : murxx - MURXX-PC 
# Running from : C:\Users\murxx\Desktop\adwcleaner.exe 
# Option [Delete]     
***** [Services] *****     
***** [Files / Folders] *****   
Folder Deleted : C:\Users\murxx\AppData\Local\Conduit 
Folder Deleted : C:\Users\murxx\AppData\LocalLow\Conduit 
Folder Deleted : C:\Users\murxx\AppData\LocalLow\PriceGong 
Folder Deleted : C:\Users\murxx\AppData\Roaming\Mozilla\Firefox\Profiles\bbeftfgc.default\ConduitCommon 
Folder Deleted : C:\Program Files\Conduit 
File Deleted : C:\Users\murxx\AppData\Roaming\Mozilla\Firefox\Profiles\bbeftfgc.default\searchplugins\Startsear.xml   
***** [Registry] ***** 
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2851647 
Key Deleted : HKCU\Software\StartSearch 
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong 
Key Deleted : HKLM\SOFTWARE\Conduit 
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43   
***** [Registry - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183} 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}   
***** [Internet Browsers] *****   
-\\ Internet Explorer v9.0.8112.16421   
[OK] Registry is clean.   
-\\ Mozilla Firefox v12.0 (de)   
Profile name : default  
File : C:\Users\murxx\AppData\Roaming\Mozilla\Firefox\Profiles\bbeftfgc.default\prefs.js   
Deleted : user_pref("CT2851647..clientLogIsEnabled", false); 
Deleted : user_pref("CT2851647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] 
Deleted : user_pref("CT2851647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Deleted : user_pref("CT2851647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); 
Deleted : user_pref("CT2851647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); 
Deleted : user_pref("CT2851647.CTID", "CT2851647"); 
Deleted : user_pref("CT2851647.CurrentServerDate", "25-3-2012"); 
Deleted : user_pref("CT2851647.DSInstall", false); 
Deleted : user_pref("CT2851647.DialogsAlignMode", "LTR"); 
Deleted : user_pref("CT2851647.DialogsGetterLastCheckTime", "Sun Mar 25 2012 11:42:09 GMT+0200"); 
Deleted : user_pref("CT2851647.DownloadReferralCookieData", ""); 
Deleted : user_pref("CT2851647.EMailNotifierPollDate", "Sun Mar 25 2012 12:02:25 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedLastCount2532783744689806690", 60); 
Deleted : user_pref("CT2851647.FeedPollDate2429156812186649977", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156813040823546", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156813130095866", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156813224203613", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156813230837251", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156813454291735", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156813729834876", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156813860870021", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156814264681793", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156814863075366", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedPollDate2429156815257761081", "Sun Mar 25 2012 11:42:12 GMT+0200"); 
Deleted : user_pref("CT2851647.FeedTTL2429156813130095866", 10); 
Deleted : user_pref("CT2851647.FirstServerDate", "25-3-2012"); 
Deleted : user_pref("CT2851647.FirstTime", true); 
Deleted : user_pref("CT2851647.FirstTimeFF3", true); 
Deleted : user_pref("CT2851647.FixPageNotFoundErrors", true); 
Deleted : user_pref("CT2851647.GroupingServerCheckInterval", 1440); 
Deleted : user_pref("CT2851647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); 
Deleted : user_pref("CT2851647.HPInstall", false); 
Deleted : user_pref("CT2851647.HasUserGlobalKeys", true); 
Deleted : user_pref("CT2851647.HomePageProtectorEnabled", false); 
Deleted : user_pref("CT2851647.HomepageBeforeUnload", "hxxp://www.google.de/"); 
Deleted : user_pref("CT2851647.Initialize", true); 
Deleted : user_pref("CT2851647.InitializeCommonPrefs", true); 
Deleted : user_pref("CT2851647.InstallationAndCookieDataSentCount", 1); 
Deleted : user_pref("CT2851647.InstallationId", "ConduitXPEIntegration"); 
Deleted : user_pref("CT2851647.InstallationType", "ConduitXPEIntegration"); 
Deleted : user_pref("CT2851647.InstalledDate", "Sun Mar 25 2012 11:42:10 GMT+0200"); 
Deleted : user_pref("CT2851647.IsAlertDBUpdated", true); 
Deleted : user_pref("CT2851647.IsGrouping", false); 
Deleted : user_pref("CT2851647.IsInitSetupIni", true); 
Deleted : user_pref("CT2851647.IsMulticommunity", false); 
Deleted : user_pref("CT2851647.IsOpenThankYouPage", true); 
Deleted : user_pref("CT2851647.IsOpenUninstallPage", false); 
Deleted : user_pref("CT2851647.LanguagePackLastCheckTime", "Sun Mar 25 2012 11:42:13 GMT+0200"); 
Deleted : user_pref("CT2851647.LanguagePackReloadIntervalMM", 1440); 
Deleted : user_pref("CT2851647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] 
Deleted : user_pref("CT2851647.LastLogin_3.10.0.1", "Sun Mar 25 2012 11:42:13 GMT+0200"); 
Deleted : user_pref("CT2851647.LatestVersion", "3.10.0.1"); 
Deleted : user_pref("CT2851647.Locale", "de"); 
Deleted : user_pref("CT2851647.MCDetectTooltipHeight", "83"); 
Deleted : user_pref("CT2851647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); 
Deleted : user_pref("CT2851647.MCDetectTooltipWidth", "295"); 
Deleted : user_pref("CT2851647.MyStuffEnabledAtInstallation", true); 
Deleted : user_pref("CT2851647.OriginalFirstVersion", "3.10.0.1"); 
Deleted : user_pref("CT2851647.SearchCaption", "uTorrentBar_DE Customized Web Search"); 
Deleted : user_pref("CT2851647.SearchEngineBeforeUnload", "Google"); 
Deleted : user_pref("CT2851647.SearchFromAddressBarIsInit", true); 
Deleted : user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...] 
Deleted : user_pref("CT2851647.SearchInNewTabEnabled", true); 
Deleted : user_pref("CT2851647.SearchInNewTabIntervalMM", 1440); 
Deleted : user_pref("CT2851647.SearchInNewTabLastCheckTime", "Sun Mar 25 2012 11:42:13 GMT+0200"); 
Deleted : user_pref("CT2851647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] 
Deleted : user_pref("CT2851647.SearchProtectorEnabled", false); 
Deleted : user_pref("CT2851647.SearchProtectorToolbarDisabled", false); 
Deleted : user_pref("CT2851647.SendProtectorDataViaLogin", true); 
Deleted : user_pref("CT2851647.ServiceMapLastCheckTime", "Sun Mar 25 2012 11:42:08 GMT+0200"); 
Deleted : user_pref("CT2851647.SettingsLastCheckTime", "Sun Mar 25 2012 11:42:09 GMT+0200"); 
Deleted : user_pref("CT2851647.SettingsLastUpdate", "1325075569"); 
Deleted : user_pref("CT2851647.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13"); 
Deleted : user_pref("CT2851647.ThirdPartyComponentsInterval", 504); 
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastCheck", "Sun Mar 25 2012 11:42:08 GMT+0200"); 
Deleted : user_pref("CT2851647.ThirdPartyComponentsLastUpdate", "1255344657"); 
Deleted : user_pref("CT2851647.ToolbarShrinkedFromSetup", false); 
Deleted : user_pref("CT2851647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2851647"); 
Deleted : user_pref("CT2851647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] 
Deleted : user_pref("CT2851647.Uninstall", true); 
Deleted : user_pref("CT2851647.UserID", "UN56961405696844599"); 
Deleted : user_pref("CT2851647.WeatherNetwork", ""); 
Deleted : user_pref("CT2851647.WeatherPollDate", "Sun Mar 25 2012 11:42:13 GMT+0200"); 
Deleted : user_pref("CT2851647.WeatherUnit", "C"); 
Deleted : user_pref("CT2851647.alertChannelId", "1243681"); 
Deleted : user_pref("CT2851647.autoDisableScopes", -1); 
Deleted : user_pref("CT2851647.backendstorage.cbfirsttime", "53756E204D617220323520323031322031313A35323A32352[...] 
Deleted : user_pref("CT2851647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] 
Deleted : user_pref("CT2851647.globalFirstTimeInfoLastCheckTime", "Sun Mar 25 2012 11:42:10 GMT+0200"); 
Deleted : user_pref("CT2851647.homepageProtectorEnableByLogin", true); 
Deleted : user_pref("CT2851647.initDone", true); 
Deleted : user_pref("CT2851647.isAppTrackingManagerOn", true); 
Deleted : user_pref("CT2851647.myStuffEnabled", true); 
Deleted : user_pref("CT2851647.myStuffPublihserMinWidth", 400); 
Deleted : user_pref("CT2851647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] 
Deleted : user_pref("CT2851647.myStuffServiceIntervalMM", 1440); 
Deleted : user_pref("CT2851647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] 
Deleted : user_pref("CT2851647.navigateToUrlOnSearch", false); 
Deleted : user_pref("CT2851647.revertSettingsEnabled", true); 
Deleted : user_pref("CT2851647.searchProtectorDialogDelayInSec", 10); 
Deleted : user_pref("CT2851647.searchProtectorEnableByLogin", true); 
Deleted : user_pref("CT2851647.testingCtid", ""); 
Deleted : user_pref("CT2851647.toolbarAppMetaDataLastCheckTime", "Sun Mar 25 2012 11:42:09 GMT+0200"); 
Deleted : user_pref("CT2851647.toolbarContextMenuLastCheckTime", "Sun Mar 25 2012 11:42:13 GMT+0200"); 
Deleted : user_pref("CT2851647.usagesFlag", 1); 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2851647/CT2851647[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243681/1239354/DE", "\"0\"[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851647", [...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851647",[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"673[...] 
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\murxx\\AppData\\Roaming\\Mozilla\\F[...] 
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1"); 
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://startsear.ch/?aff=1&src=sp&cf=573[...] 
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2851647"); 
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2851647"); 
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2851647"); 
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Mar 25 2012 11:42:13 GMT+0200"); 
Deleted : user_pref("CommunityToolbar.globalUserId", "f6fb261f-5264-41a6-99a9-603318823f72"); 
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); 
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); 
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2851647"); 
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Mar 25 2012 11:42:1[...] 
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); 
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Mar 25 2012 11:52:33 GMT+020[...] 
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); 
Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); 
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); 
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Mar 25 2012 11:42:13 GMT+0200"); 
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); 
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); 
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); 
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); 
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); 
Deleted : user_pref("CommunityToolbar.notifications.userId", "579f38c6-5c8d-4a05-9155-40e971bbb9f4"); 
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.de/"); 
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google"); 
Deleted : user_pref("browser.search.defaultengine", "Web Search"); 
Deleted : user_pref("browser.search.defaultenginename", "Web Search"); 
Deleted : user_pref("browser.search.order.1", "Web Search"); 
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=[...]   
*************************   
AdwCleaner[R1].txt - [14115 octets] - [05/06/2012 08:58:23] 
AdwCleaner[R2].txt - [14176 octets] - [05/06/2012 09:46:14] 
AdwCleaner[S1].txt - [14432 octets] - [05/06/2012 14:19:57]   
########## EOF - C:\AdwCleaner[S1].txt - [14561 octets] ##########

4. ComboFix:
Code:
ComboFix 12-06-05.01 - murxx 05.06.2012  14:29:33.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.2046.1212 [GMT 2:00] 
Running from:: c:\users\murxx\Desktop\ComboFix.exe
Command switches used :: c:\users\murxx\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} 
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} 
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} 
. 
. 
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
. 
. 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\64dlls.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\intel64.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\Kernel32.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\localsys64.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\ntos.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\oembios.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\sdra64.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\sdra73.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\swin32.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\twex.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\twext.exe 
c:\documents and settings\tdmbuild.FOXBORO_1\Application Data\wsnpoema.exe 
. 
. 
(((((((((((((((((((((((   Files Created from 2012-05-05 to 2012-06-05  ))))))))))))))))))))))))))))))
. 
. 
2012-06-05 12:35 . 2012-06-05 12:35        --------        d-----w-        c:\users\murxx\AppData\Local\temp 
2012-06-05 12:35 . 2012-06-05 12:35        --------        d-----w-        c:\users\Default\AppData\Local\temp 
2012-06-05 12:35 . 2012-06-05 12:35        --------        d-----w-        c:\users\Administrator\AppData\Local\temp 
2012-06-03 12:19 . 2012-06-03 12:19        --------        d-----w-        c:\users\murxx\AppData\Roaming\Malwarebytes 
2012-06-03 12:19 . 2012-06-03 12:19        --------        d-----w-        c:\programdata\Malwarebytes 
2012-06-03 12:19 . 2012-06-03 12:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware 
2012-06-03 12:19 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys 
2012-06-01 19:17 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D01894E5-0449-4077-96F0-CF1FB6E3B486}\mpengine.dll 
2012-05-22 21:46 . 2012-05-22 21:46        --------        d-----w-        c:\windows\Downloaded Installations 
2012-05-22 21:45 . 2012-05-22 21:45        --------        d-----w-        c:\program files\SIMSCI 
2012-05-19 11:39 . 2012-06-02 19:14        --------        d-----w-        c:\users\murxx\AppData\Roaming\TS3Client 
2012-05-19 11:39 . 2012-05-19 11:39        --------        d-----w-        c:\program files\TeamSpeak 3 Client 
2012-05-11 10:23 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys 
2012-05-11 10:23 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL 
2012-05-11 10:23 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll 
2012-05-11 10:23 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll 
2012-05-11 10:23 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll 
2012-05-11 10:23 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys 
2012-05-11 10:23 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe 
2012-05-11 10:22 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe 
2012-05-11 10:22 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys 
2012-05-11 10:21 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll 
. 
. 
. 
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
. 
2012-05-08 21:12 . 2011-10-22 16:40        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys 
2012-05-08 21:12 . 2011-10-22 16:40        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys 
2012-05-05 02:57 . 2012-04-04 09:56        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe 
2012-05-05 02:57 . 2011-10-22 22:20        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl 
2012-04-06 16:32 . 2011-10-22 22:01        472808        ----a-w-        c:\windows\system32\deployJava1.dll 
2012-03-25 00:11 . 2012-03-25 00:11        368640        ----a-w-        c:\windows\system32\ReWire.dll 
2012-03-25 00:11 . 2012-03-25 00:11        233472        ----a-w-        c:\windows\system32\REX Shared Library.dll 
2012-04-25 14:07 . 2011-10-22 17:14        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll 
. 
. 
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
. 
. 
*Note* empty entries & legit default entries are not shown.
REGEDIT4 
. 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] 
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-09-09 523216] 
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304] 
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] 
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] 
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] 
. 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ 
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640] 
. 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
"ConsentPromptBehaviorAdmin"= 5 (0x5) 
"ConsentPromptBehaviorUser"= 3 (0x3) 
"EnableUIADesktopToggle"= 0 (0x0) 
. 
[HKLM\~\startupfolder\C:^Users^murxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] 
path=c:\users\murxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk 
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup 
backupExtension=.Startup 
. 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 
2012-01-18 12:02        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe 
. 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] 
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] 
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976] 
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-05-15 4135800] 
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] 
R3 vproiah;vproiah;c:\windows\system32\DRIVERS\vproiah.sys [x] 
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-10-22 691696] 
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000] 
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] 
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128] 
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224] 
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] 
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080] 
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088] 
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2011-09-09 87976] 
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160] 
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-19 243712] 
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344] 
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] 
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-02 11596] 
. 
. 
Contents of the 'Scheduled Tasks' folder
. 
2012-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job 
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 02:57] 
. 
. 
------- Supplementary Scan -------
. 
uStart Page = hxxp://www.google.com 
mStart Page = hxxp://www.google.com 
uInternet Settings,ProxyServer = www-chache.uni-mannheim.de:3128 
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 
TCP: DhcpNameServer = 134.155.96.52 134.155.96.53 
FF - ProfilePath -  
. 
. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] 
"ImagePath"="c:\windows\system32\GameMon.des -service" 
. 
--------------------- Locked Registry Keys ---------------------
. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] 
@Denied: (Full) (Everyone) 
. 
Completion time: 2012-06-05  14:36:55
ComboFix-quarantined-files.txt  2012-06-05 12:36 
ComboFix2.txt  2012-06-05 07:45 
ComboFix3.txt  2012-06-04 10:07 
. 
Pre-Run: 186.725.130.240 bytes free
Post-Run: 186.667.302.912 bytes free
. 
- - End Of File - - 9447EC9234CF1BDCB4F861E4237F97BF

5. OTL:
Code:
OTL logfile created on: 05.06.2012 14:41:36 - Run 3
OTL by OldTimer - Version 3.2.45.0     Folder = C:\Users\murxx\Desktop
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421) 
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 
  
2,00 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 58,90% Memory free 
4,00 Gb Paging File | 3,01 Gb Available in Paging File | 75,30% Paging File free 
Paging file location(s): ?:\pagefile.sys [binary data] 
  
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files 
Drive C: | 297,99 Gb Total Space | 173,92 Gb Free Space | 58,37% Space Free | Partition Type: NTFS 
  
Computer Name: MURXX-PC | User Name: murxx | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan 
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days 
   ========== Processes (SafeList) ========== 
  
PRC - [2012.06.02 20:08:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\murxx\Desktop\OTL.exe 
PRC - [2012.05.08 23:12:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe 
PRC - [2012.05.08 23:12:48 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 
PRC - [2012.05.08 23:12:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe 
PRC - [2012.05.08 23:12:48 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe 
PRC - [2011.04.20 02:04:38 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe 
PRC - [2011.04.20 02:04:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe 
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe 
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe 
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe 
PRC - [2004.09.10 07:00:00 | 000,189,536 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe 
  
   ========== Modules (No Company Name) ========== 
  
MOD - [2012.06.01 21:16:57 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll 
MOD - [2012.06.01 21:16:37 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll 
MOD - [2012.06.01 21:16:32 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll 
MOD - [2012.05.11 21:04:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll 
MOD - [2012.05.11 21:03:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll 
MOD - [2012.05.11 21:03:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll 
MOD - [2012.05.11 21:03:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll 
MOD - [2012.05.11 21:03:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll 
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll 
MOD - [2010.09.30 22:36:20 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 
MOD - [2010.08.04 15:58:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll 
  
   ========== Win32 Services (SafeList) ========== 
  
SRV - [2012.05.20 03:05:06 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) 
SRV - [2012.05.08 23:12:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) 
SRV - [2012.05.08 23:12:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) 
SRV - [2012.05.05 04:57:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) 
SRV - [2012.04.25 16:07:16 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) 
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) 
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) 
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) 
SRV - [2011.05.16 00:50:00 | 004,135,800 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) 
SRV - [2011.04.20 02:04:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) 
SRV - [2010.11.20 14:19:33 | 000,068,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc) 
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) 
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing) 
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator) 
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator) 
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator) 
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) 
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) 
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) 
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) 
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess) 
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) 
SRV - [2004.09.10 07:00:00 | 000,189,536 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) 
  
   ========== Driver Services (SafeList) ========== 
  
DRV - File not found [File_System | On_Demand | Stopped] -- system32\DRIVERS\vproiah.sys -- (vproiah) 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\murxx\AppData\Local\Temp\catchme.sys -- (catchme) 
DRV - [2012.05.08 23:12:49 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) 
DRV - [2012.05.08 23:12:49 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) 
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) 
DRV - [2011.10.22 22:51:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) 
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) 
DRV - [2011.09.09 18:00:05 | 000,023,464 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) 
DRV - [2011.09.09 17:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acsock.sys -- (acsock) 
DRV - [2011.04.20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) 
DRV - [2011.04.20 02:43:42 | 007,772,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) 
DRV - [2011.04.20 01:22:10 | 000,243,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) 
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) 
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) 
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) 
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) 
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) 
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) 
DRV - [2010.11.20 10:42:28 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs) 
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) 
DRV - [2009.07.14 03:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk) 
DRV - [2007.12.04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD) 
DRV - [2005.11.02 10:54:44 | 000,011,596 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\copperhd.sys -- (UsbFltr) 
DRV - [2004.09.10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sentinel.sys -- (Sentinel) 
DRV - [1998.07.10 18:01:00 | 000,007,328 | ---- | M] () [Unknown (0) | Boot | Unknown] -- C:\Windows\System32\drivers\ds1410d.sys -- (DS1410D) 
  
   ========== Standard Registry (SafeList) ========== 
  
   ========== Internet Explorer ========== 
  
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{70B32755-8E37-45F1-B1C5-15E74D747C7F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
  
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 AB 1F B4 D8 90 CC 01  [binary data] 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=573a6041-12d5-11e1-a722-00241dd2c3b6&q={searchTerms} 
IE - HKCU\..\SearchScopes\{70B32755-8E37-45F1-B1C5-15E74D747C7F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = www-chache.uni-mannheim.de:3128 
  
   ========== FireFox ========== 
  
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) 
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll () 
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown:  File not found 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
  
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 16:07:16 | 000,000,000 | ---D | M] 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.04 00:32:30 | 000,000,000 | ---D | M] 
  
[2012.04.25 16:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions 
[2012.04.25 16:07:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll 
[2012.04.06 18:32:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll 
[2011.11.11 00:35:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2011.11.11 00:35:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2011.11.11 00:35:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2011.11.11 00:35:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2011.11.11 00:35:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2011.11.11 00:35:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
  
O1 HOSTS File: ([2012.06.05 14:35:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts 
O1 - Hosts: 127.0.0.1       localhost 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) 
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) 
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) 
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\murxx\Desktop\PartyPoker.lnk () 
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\murxx\Desktop\PartyPoker.lnk () 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 134.155.96.52 134.155.96.53 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4476AC6D-B05C-41E9-8E49-31173B642EE1}: DhcpNameServer = 134.155.96.52 134.155.96.53 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O34 - HKLM BootExecute: (autocheck autochk *) 
O35 - HKLM\..comfile [open] -- "%1" %* 
O35 - HKLM\..exefile [open] -- "%1" %* 
O37 - HKLM\...com [@ = ComFile] -- "%1" %* 
O37 - HKLM\...exe [@ = exefile] -- "%1" %* 
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) 
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) 
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) 
  
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll 
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack 
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework 
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx 
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help 
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools 
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements 
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access 
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework 
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll 
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts 
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework 
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help 
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface 
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP 
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig 
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP 
  
NetSvcs: FastUserSwitchingCompatibility -  File not found 
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) 
NetSvcs: Nla -  File not found 
NetSvcs: Ntmssvc -  File not found 
NetSvcs: NWCWorkstation -  File not found 
NetSvcs: Nwsapagent -  File not found 
NetSvcs: SRService -  File not found 
NetSvcs: WmdmPmSp -  File not found 
NetSvcs: LogonHours -  File not found 
NetSvcs: PCAudit -  File not found 
NetSvcs: helpsvc -  File not found 
NetSvcs: uploadmgr -  File not found 
  
MsConfig - StartUpFolder: C:^Users^murxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) 
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - State: "startup" - 2 
  
CREATERESTOREPOINT 
Restore point Set: OTL Restore Point 
   ========== Files/Folders - Created Within 30 Days ========== 
  
[2012.06.05 14:37:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN 
[2012.06.05 14:36:57 | 000,000,000 | ---D | C] -- C:\Users\murxx\AppData\Local\temp 
[2012.06.05 14:24:15 | 004,537,537 | R--- | C] (Swearware) -- C:\Users\murxx\Desktop\ComboFix.exe 
[2012.06.04 11:49:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe 
[2012.06.04 11:49:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe 
[2012.06.04 11:49:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe 
[2012.06.04 11:49:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT 
[2012.06.04 11:39:05 | 000,000,000 | ---D | C] -- C:\Qoobox 
[2012.06.04 04:42:18 | 000,000,000 | ---D | C] -- C:\Users\murxx\Desktop\scanlogs 
[2012.06.04 00:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe 
[2012.06.03 22:10:47 | 002,322,184 | ---- | C] (ESET) -- C:\Users\murxx\Desktop\esetsmartinstaller_enu.exe 
[2012.06.03 16:55:55 | 000,000,000 | ---D | C] -- C:\Windows\pss 
[2012.06.03 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 
[2012.06.03 14:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes 
[2012.06.03 14:19:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys 
[2012.06.03 14:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware 
[2012.06.02 20:08:17 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\murxx\Desktop\OTL.exe 
[2012.05.29 18:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 
[2012.05.22 23:46:44 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations 
[2012.05.22 23:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\SIMSCI 
[2012.05.19 13:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 
[2012.05.19 13:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client 
[2012.05.17 11:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 
   ========== Files - Modified Within 30 Days ========== 
  
[2012.06.05 14:42:40 | 000,664,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat 
[2012.06.05 14:42:40 | 000,128,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2012.06.05 14:38:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2012.06.05 14:38:05 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys 
[2012.06.05 14:37:27 | 000,019,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2012.06.05 14:37:27 | 000,019,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
[2012.06.05 14:35:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts 
[2012.06.05 14:24:25 | 004,537,537 | R--- | M] (Swearware) -- C:\Users\murxx\Desktop\ComboFix.exe 
[2012.06.05 08:57:47 | 000,591,235 | ---- | M] () -- C:\Users\murxx\Desktop\adwcleaner.exe 
[2012.06.05 08:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.06.04 21:01:27 | 000,056,315 | ---- | M] () -- C:\Users\murxx\Desktop\Zombie.jpg 
[2012.06.04 00:32:31 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk 
[2012.06.03 22:10:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\murxx\Desktop\esetsmartinstaller_enu.exe 
[2012.06.03 14:19:15 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 
[2012.06.03 01:52:48 | 000,001,168 | ---- | M] () -- C:\Windows\FOE2.ini 
[2012.06.02 20:09:12 | 000,000,176 | ---- | M] () -- C:\Users\murxx\defogger_reenable 
[2012.06.02 20:08:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\murxx\Desktop\OTL.exe 
[2012.06.02 20:08:07 | 000,050,477 | ---- | M] () -- C:\Users\murxx\Desktop\Defogger.exe 
[2012.06.01 15:12:04 | 000,428,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT 
[2012.05.23 08:12:49 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\PROII 8.1.lnk 
[2012.05.19 13:39:27 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 
[2012.05.17 11:55:04 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk 
[2012.05.08 23:12:49 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys 
[2012.05.08 23:12:49 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys 
   ========== Files Created - No Company Name ========== 
  
[2012.06.05 08:57:46 | 000,591,235 | ---- | C] () -- C:\Users\murxx\Desktop\adwcleaner.exe 
[2012.06.04 21:01:27 | 000,056,315 | ---- | C] () -- C:\Users\murxx\Desktop\Zombie.jpg 
[2012.06.04 11:49:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe 
[2012.06.04 11:49:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe 
[2012.06.04 11:49:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe 
[2012.06.04 11:49:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe 
[2012.06.04 11:49:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe 
[2012.06.04 00:32:31 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 
[2012.06.04 00:32:31 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk 
[2012.06.03 14:19:15 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 
[2012.06.02 20:09:01 | 000,000,176 | ---- | C] () -- C:\Users\murxx\defogger_reenable 
[2012.06.02 20:08:06 | 000,050,477 | ---- | C] () -- C:\Users\murxx\Desktop\Defogger.exe 
[2012.05.23 08:12:49 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\PROII 8.1.lnk 
[2012.05.19 13:39:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 
[2012.05.17 11:35:59 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk 
[2012.04.02 14:29:26 | 000,007,328 | ---- | C] () -- C:\Windows\System32\drivers\ds1410d.sys 
[2012.02.28 17:06:12 | 000,280,976 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe 
[2012.02.28 17:06:11 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe 
[2011.12.08 01:03:48 | 000,001,168 | ---- | C] () -- C:\Windows\FOE2.ini 
[2011.10.23 20:07:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe 
[2011.10.22 17:51:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin 
[2011.04.20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll 
[2011.03.17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat 
[2011.02.28 21:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat 
   ========== LOP Check ========== 
  
[2012.06.04 11:38:59 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT 
   ========== Purity Check ========== 
  
  
   ========== Custom Scans ========== 
   < %SYSTEMDRIVE%\*. /U /S > 
   < %PROGRAMFILES%\*.exe > 
   < %LOCALAPPDATA%\*.exe > 
   < %systemroot%\*. /mp /s  > 
   < MD5 for: EXPLORER.EXE  > 
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe 
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe 
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe 
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe 
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe 
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe 
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe 
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe 
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe 
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe 
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe 
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe 
   < MD5 for: REGEDIT.EXE  > 
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe 
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe 
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe 
   < MD5 for: USERINIT.EXE  > 
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe 
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe 
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe 
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe 
   < MD5 for: WININIT.EXE  > 
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe 
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe 
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe 
   < MD5 for: WINLOGON.EXE  > 
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe 
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe 
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe 
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe 
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe 
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe 
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe 
   < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 
   < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > 
   < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-01 19:17:17 
   ========== Alternate Data Streams ========== 
  
@Alternate Data Stream - 146 bytes -> C:\Users\All Users\TEMP:CB2A6156 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB2A6156   
< End of report >    
OTL only gave me the normal OTL.txt. I've already used it a few times, but I haven't changed anything in the settings. The old extra.txt is deleted.
Should I download it again and run it once more, or is something wrong with the settings? http://www.abload.de/img/otlnizg7.jpg