Trojaner-Board


chouia 02.06.2013 14:55

CIBS POL. - Safe Mode doesn't work
 
Hello everyone

Unfortunately, the above-mentioned Trojan has also struck my neighbour. I would like to help him fix this problem, as his health is very poor.
In doing so I came across this forum, which has already been able to help several users.
Since a thread with the same title already exists, I have already downloaded OTL and created the two text files that I am attaching to this post.
Since this is the first time I am active in a forum like this, I ask for forgiveness if I don't get everything right straight away.
In any case, I am very grateful for your help. :abklatsch:

markusg 02.06.2013 14:56

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
O20 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002 Winlogon: Shell - (C:\Users\NVH\AppData\Roaming\skype.dat) - C:\Users\NVH\AppData\Roaming\skype.dat ()
[2013/06/02 14:27:56 | 000,000,004 | ---- | M] () -- C:\Users\NVH\AppData\Roaming\skype.ini
:files
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    ( Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread



Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment
in the thread!




Please press the Windows key (image: http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive ( usually C: )
  • Now find
    the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel
    ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance :)
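
As an added example (not part of the thread and not OTL's own code): the O20 line in the fix above is a Winlogon Shell hijack, where the per-user `Shell` value under the account's hive is pointed at a file in AppData\Roaming so the lock screen starts instead of Explorer. The following read-only PowerShell audit reports such overrides; run it in an elevated PowerShell on the affected machine. The function name and the "suspicious directory" heuristic are my own assumptions, not part of the thread.

```powershell
# Added example: read-only audit of Winlogon "Shell" values. Reports only, changes nothing.
function Get-WinlogonShellAudit {
    $sub = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # HKEY_USERS is not mapped as a drive by default; map it once.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }

    # The machine-wide key plus the Winlogon key of every loaded user hive
    # (the fix in the thread targets HKU\S-1-5-21-...-1002).
    $keys = @([pscustomobject]@{ Hive = 'HKLM'; Path = "HKLM:\$sub" })
    $sids = Get-ChildItem -Path 'HKU:\' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($sid in $sids) {
        $keys += [pscustomobject]@{
            Hive = "HKU\$($sid.PSChildName)"
            Path = "HKU:\$($sid.PSChildName)\$sub"
        }
    }

    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k.Path)) { continue }
        $shell = (Get-ItemProperty -Path $k.Path -Name Shell -ErrorAction SilentlyContinue).Shell
        $reasons = @()

        if ($k.Hive -eq 'HKLM') {
            # On a clean system the machine-wide value is exactly "explorer.exe".
            if ($shell -and $shell.Trim() -ine 'explorer.exe') {
                $reasons += 'HKLM Shell is not explorer.exe'
            }
        } elseif ($null -ne $shell) {
            # A per-user Shell is not set by default; any value overrides the
            # HKLM one for that account, which is what the lock screen relied on.
            $reasons += 'per-user Shell override present'
        }

        # Heuristic (assumption): a shell living in a user-writable directory is a red flag.
        if ($shell -and $shell -imatch '\\AppData\\|\\ProgramData\\|\\Temp\\') {
            $reasons += 'points into a user-writable directory'
        }

        [pscustomobject]@{
            Hive       = $k.Hive
            Shell      = $shell
            Suspicious = ($reasons.Count -gt 0)
            Reason     = ($reasons -join '; ')
        }
    }
}

Get-WinlogonShellAudit | Format-Table -AutoSize
```

On the machine in this thread, before the fix, the row for the -1002 hive would show `C:\Users\NVH\AppData\Roaming\skype.dat` with both reasons set; after the fix the value is gone and only the HKLM row remains.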

chouia 02.06.2013 15:25

Hi Markus
First of all, many thanks for taking the trouble to help me with this problem.
Here is the content of the file:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3834777946-2767378379-115329810-1002\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\NVH\AppData\Roaming\skype.dat deleted successfully.
C:\Users\NVH\AppData\Roaming\skype.dat moved successfully.
C:\Users\NVH\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: McAfeeMVSUser

User: NH
->Temp folder emptied: 103236189 bytes
->Temporary Internet Files folder emptied: 102764973 bytes
->FireFox cache emptied: 55184918 bytes
->Flash cache emptied: 771 bytes

User: NVH
->Temp folder emptied: 1716118 bytes
->Temporary Internet Files folder emptied: 1971177 bytes
->FireFox cache emptied: 87476644 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 553 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41196 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 336122780 bytes

Total Files Cleaned = 657.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06022013_161438

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Regards
George

Markus

Unfortunately I can't find a folder _OTL

markusg 02.06.2013 15:34

It's on E:

chouia 02.06.2013 15:48

Can't upload, because of the message: "Bitte Link zum Thread überprüfen"
Entered: CIBS POL. - Abg. Modus funktioniert nicht

markusg 02.06.2013 15:50

Link:
Code:

http://www.trojaner-board.de/135935-cibs-pol-abg-modus-funktioniert.html

chouia 02.06.2013 15:52

Thanks - it's uploaded

markusg 02.06.2013 15:56

Thanks.
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
In any case, please post the contents here in your thread.

chouia 02.06.2013 16:16

17:05:17.0441 6108 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:05:17.0613 6108 ============================================================
17:05:17.0613 6108 Current date / time: 2013/06/02 17:05:17.0613
17:05:17.0613 6108 SystemInfo:
17:05:17.0613 6108
17:05:17.0613 6108 OS Version: 6.1.7601 ServicePack: 1.0
17:05:17.0613 6108 Product type: Workstation
17:05:17.0613 6108 ComputerName: NVH-HP
17:05:17.0613 6108 UserName: NVH
17:05:17.0613 6108 Windows directory: C:\windows
17:05:17.0613 6108 System windows directory: C:\windows
17:05:17.0613 6108 Running under WOW64
17:05:17.0613 6108 Processor architecture: Intel x64
17:05:17.0613 6108 Number of processors: 4
17:05:17.0613 6108 Page size: 0x1000
17:05:17.0613 6108 Boot type: Normal boot
17:05:17.0613 6108 ============================================================
17:05:18.0221 6108 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:05:18.0221 6108 ============================================================
17:05:18.0221 6108 \Device\Harddisk0\DR0:
17:05:18.0221 6108 MBR partitions:
17:05:18.0221 6108 Initialize success
17:05:18.0221 6108 ============================================================
17:10:33.0653 6380 ============================================================
17:10:33.0653 6380 Scan started
17:10:33.0653 6380 Mode: Manual; SigCheck; TDLFS;
17:10:33.0653 6380 ============================================================
17:10:33.0669 6380 ================ Scan system memory ========================
17:10:33.0669 6380 System memory - ok
17:10:33.0669 6380 ================ Scan services =============================
17:10:33.0700 6380 1394ohci - ok
17:10:33.0716 6380 Accelerometer - ok
17:10:33.0731 6380 ACDaemon - ok
17:10:33.0731 6380 ACPI - ok
17:10:33.0747 6380 AcpiPmi - ok
17:10:33.0763 6380 AdobeARMservice - ok
17:10:33.0778 6380 AdobeFlashPlayerUpdateSvc - ok
17:10:33.0778 6380 adp94xx - ok
17:10:33.0778 6380 adpahci - ok
17:10:33.0778 6380 adpu320 - ok
17:10:33.0794 6380 AeLookupSvc - ok
17:10:33.0809 6380 AESTFilters - ok
17:10:33.0809 6380 Afc - ok
17:10:33.0825 6380 AFD - ok
17:10:33.0841 6380 AgereSoftModem - ok
17:10:33.0841 6380 agp440 - ok
17:10:33.0856 6380 ALG - ok
17:10:33.0856 6380 aliide - ok
17:10:33.0856 6380 AMD External Events Utility - ok
17:10:33.0872 6380 amdide - ok
17:10:33.0872 6380 AmdK8 - ok
17:10:33.0872 6380 amdkmdag - ok
17:10:33.0887 6380 amdkmdap - ok
17:10:33.0887 6380 AmdPPM - ok
17:10:33.0903 6380 amdsata - ok
17:10:33.0903 6380 amdsbs - ok
17:10:33.0903 6380 amdxata - ok
17:10:33.0919 6380 androidusb - ok
17:10:33.0919 6380 AntiVirMailService - ok
17:10:33.0934 6380 AntiVirSchedulerService - ok
17:10:33.0934 6380 AntiVirService - ok
17:10:33.0950 6380 AntiVirWebService - ok
17:10:33.0950 6380 AppID - ok
17:10:33.0950 6380 AppIDSvc - ok
17:10:33.0965 6380 Appinfo - ok
17:10:33.0981 6380 AppMgmt - ok
17:10:33.0981 6380 arc - ok
17:10:33.0997 6380 archlp - ok
17:10:33.0997 6380 arcsas - ok
17:10:33.0997 6380 ARCVCAM - ok
17:10:34.0012 6380 AsyncMac - ok
17:10:34.0012 6380 atapi - ok
17:10:34.0012 6380 AtiHdmiService - ok
17:10:34.0028 6380 AudioEndpointBuilder - ok
17:10:34.0028 6380 AudioSrv - ok
17:10:34.0043 6380 avgntflt - ok
17:10:34.0043 6380 avipbb - ok
17:10:34.0043 6380 avkmgr - ok
17:10:34.0059 6380 AxInstSV - ok
17:10:34.0059 6380 b06bdrv - ok
17:10:34.0059 6380 b57nd60a - ok
17:10:34.0075 6380 BDESVC - ok
17:10:34.0075 6380 Beep - ok
17:10:34.0075 6380 BFE - ok
17:10:34.0090 6380 BITS - ok
17:10:34.0090 6380 blbdrive - ok
17:10:34.0106 6380 Bluetooth Device Manager - ok
17:10:34.0106 6380 Bluetooth Media Service - ok
17:10:34.0106 6380 Bluetooth OBEX Service - ok
17:10:34.0121 6380 bowser - ok
17:10:34.0121 6380 BrFiltLo - ok
17:10:34.0121 6380 BrFiltUp - ok
17:10:34.0121 6380 Browser - ok
17:10:34.0137 6380 BrSerIb - ok
17:10:34.0153 6380 Brserid - ok
17:10:34.0153 6380 BrSerWdm - ok
17:10:34.0153 6380 BrUsbMdm - ok
17:10:34.0153 6380 BrUsbSer - ok
17:10:34.0168 6380 BrUsbSIb - ok
17:10:34.0168 6380 BrYNSvc - ok
17:10:34.0184 6380 BthEnum - ok
17:10:34.0184 6380 BTHMODEM - ok
17:10:34.0184 6380 BthPan - ok
17:10:34.0184 6380 BTHPORT - ok
17:10:34.0199 6380 bthserv - ok
17:10:34.0199 6380 BTHUSB - ok
17:10:34.0215 6380 BTMCOM - ok
17:10:34.0215 6380 BTMHID - ok
17:10:34.0231 6380 BTMUSB - ok
17:10:34.0231 6380 cdfs - ok
17:10:34.0231 6380 cdrom - ok
17:10:34.0231 6380 CertPropSvc - ok
17:10:34.0246 6380 circlass - ok
17:10:34.0246 6380 CLFS - ok
17:10:34.0246 6380 clr_optimization_v2.0.50727_32 - ok
17:10:34.0262 6380 clr_optimization_v2.0.50727_64 - ok
17:10:34.0262 6380 clr_optimization_v4.0.30319_32 - ok
17:10:34.0262 6380 clr_optimization_v4.0.30319_64 - ok
17:10:34.0262 6380 CmBatt - ok
17:10:34.0277 6380 cmdide - ok
17:10:34.0277 6380 CNG - ok
17:10:34.0277 6380 Compbatt - ok
17:10:34.0277 6380 CompositeBus - ok
17:10:34.0293 6380 COMSysApp - ok
17:10:34.0293 6380 crcdisk - ok
17:10:34.0293 6380 CryptSvc - ok
17:10:34.0309 6380 CSC - ok
17:10:34.0309 6380 CscService - ok
17:10:34.0309 6380 DAMDrv - ok
17:10:34.0324 6380 DcomLaunch - ok
17:10:34.0324 6380 DEBridge - ok
17:10:34.0324 6380 defragsvc - ok
17:10:34.0324 6380 DfsC - ok
17:10:34.0340 6380 Dhcp - ok
17:10:34.0340 6380 discache - ok
17:10:34.0340 6380 Disk - ok
17:10:34.0340 6380 Dnscache - ok
17:10:34.0355 6380 dot3svc - ok
17:10:34.0355 6380 DpHost - ok
17:10:34.0355 6380 DPS - ok
17:10:34.0371 6380 drmkaud - ok
17:10:34.0371 6380 DXGKrnl - ok
17:10:34.0371 6380 EapHost - ok
17:10:34.0371 6380 ebdrv - ok
17:10:34.0387 6380 EFS - ok
17:10:34.0387 6380 ehRecvr - ok
17:10:34.0387 6380 ehSched - ok
17:10:34.0387 6380 elxstor - ok
17:10:34.0402 6380 ErrDev - ok
17:10:34.0402 6380 EventSystem - ok
17:10:34.0402 6380 exfat - ok
17:10:34.0418 6380 fastfat - ok
17:10:34.0418 6380 Fax - ok
17:10:34.0418 6380 fdc - ok
17:10:34.0418 6380 fdPHost - ok
17:10:34.0433 6380 FDResPub - ok
17:10:34.0433 6380 FileInfo - ok
17:10:34.0433 6380 Filetrace - ok
17:10:34.0433 6380 FLCDLOCK - ok
17:10:34.0449 6380 FLEXnet Licensing Service - ok
17:10:34.0449 6380 FLEXnet Licensing Service 64 - ok
17:10:34.0449 6380 flpydisk - ok
17:10:34.0465 6380 FltMgr - ok
17:10:34.0465 6380 FontCache - ok
17:10:34.0465 6380 FontCache3.0.0.0 - ok
17:10:34.0465 6380 FsDepends - ok
17:10:34.0480 6380 Fs_Rec - ok
17:10:34.0480 6380 fvevol - ok
17:10:34.0480 6380 gagp30kx - ok
17:10:34.0480 6380 gpsvc - ok
17:10:34.0496 6380 gupdate - ok
17:10:34.0511 6380 gupdatem - ok
17:10:34.0511 6380 hcw85cir - ok
17:10:34.0511 6380 HdAudAddService - ok
17:10:34.0511 6380 HDAudBus - ok
17:10:34.0527 6380 HECIx64 - ok
17:10:34.0527 6380 HidBatt - ok
17:10:34.0527 6380 HidBth - ok
17:10:34.0527 6380 HidIr - ok
17:10:34.0543 6380 hidserv - ok
17:10:34.0543 6380 HidUsb - ok
17:10:34.0543 6380 hkmsvc - ok
17:10:34.0543 6380 HomeGroupListener - ok
17:10:34.0558 6380 HomeGroupProvider - ok
17:10:34.0574 6380 HP Health Check Service - ok
17:10:34.0574 6380 HP Power Assistant Service - ok
17:10:34.0574 6380 HP ProtectTools Service - ok
17:10:34.0589 6380 HP Wireless Assistant Service - ok
17:10:34.0605 6380 HPDayStarterService - ok
17:10:34.0605 6380 HPDrvMntSvc.exe - ok
17:10:34.0605 6380 hpdskflt - ok
17:10:34.0621 6380 HpFkCryptService - ok
17:10:34.0621 6380 HPFSService - ok
17:10:34.0621 6380 hpHotkeyMonitor - ok
17:10:34.0621 6380 HpqKbFiltr - ok
17:10:34.0636 6380 hpqwmiex - ok
17:10:34.0636 6380 HpSAMD - ok
17:10:34.0636 6380 hpsrv - ok
17:10:34.0652 6380 HTTP - ok
17:10:34.0652 6380 hwpolicy - ok
17:10:34.0652 6380 i8042prt - ok
17:10:34.0652 6380 iaStor - ok
17:10:34.0667 6380 IAStorDataMgrSvc - ok
17:10:34.0683 6380 iaStorV - ok
17:10:34.0683 6380 idsvc - ok
17:10:34.0683 6380 iirsp - ok
17:10:34.0683 6380 IKEEXT - ok
17:10:34.0699 6380 Impcd - ok
17:10:34.0699 6380 intelide - ok
17:10:34.0699 6380 intelppm - ok
17:10:34.0714 6380 IPBusEnum - ok
17:10:34.0714 6380 IpFilterDriver - ok
17:10:34.0714 6380 iphlpsvc - ok
17:10:34.0714 6380 IPMIDRV - ok
17:10:34.0730 6380 IPNAT - ok
17:10:34.0730 6380 IRENUM - ok
17:10:34.0730 6380 isapnp - ok
17:10:34.0745 6380 iScsiPrt - ok
17:10:34.0745 6380 kbdclass - ok
17:10:34.0745 6380 kbdhid - ok
17:10:34.0745 6380 KeyIso - ok
17:10:34.0745 6380 KSecDD - ok
17:10:34.0761 6380 KSecPkg - ok
17:10:34.0761 6380 ksthunk - ok
17:10:34.0761 6380 KtmRm - ok
17:10:34.0777 6380 LanmanServer - ok
17:10:34.0777 6380 LanmanWorkstation - ok
17:10:34.0777 6380 LBTServ - ok
17:10:34.0777 6380 LHidFilt - ok
17:10:34.0792 6380 LightScribeService - ok
17:10:34.0792 6380 lltdio - ok
17:10:34.0792 6380 lltdsvc - ok
17:10:34.0792 6380 lmhosts - ok
17:10:34.0808 6380 LMouFilt - ok
17:10:34.0808 6380 LMS - ok
17:10:34.0808 6380 LSI_FC - ok
17:10:34.0823 6380 LSI_SAS - ok
17:10:34.0823 6380 LSI_SAS2 - ok
17:10:34.0839 6380 LSI_SCSI - ok
17:10:34.0839 6380 luafv - ok
17:10:34.0855 6380 McComponentHostService - ok
17:10:34.0855 6380 Mcx2Svc - ok
17:10:34.0870 6380 MDM - ok
17:10:34.0870 6380 megasas - ok
17:10:34.0870 6380 MegaSR - ok
17:10:34.0886 6380 MMCSS - ok
17:10:34.0886 6380 Modem - ok
17:10:34.0886 6380 monitor - ok
17:10:34.0886 6380 mouclass - ok
17:10:34.0901 6380 mouhid - ok
17:10:34.0901 6380 mountmgr - ok
17:10:34.0901 6380 MozillaMaintenance - ok
17:10:34.0917 6380 mpio - ok
17:10:34.0917 6380 mpsdrv - ok
17:10:34.0917 6380 MpsSvc - ok
17:10:34.0933 6380 MRxDAV - ok
17:10:34.0933 6380 mrxsmb - ok
17:10:34.0933 6380 mrxsmb10 - ok
17:10:34.0933 6380 mrxsmb20 - ok
17:10:34.0948 6380 msahci - ok
17:10:34.0948 6380 msdsm - ok
17:10:34.0948 6380 MSDTC - ok
17:10:34.0964 6380 Msfs - ok
17:10:34.0964 6380 mshidkmdf - ok
17:10:34.0979 6380 msisadrv - ok
17:10:34.0979 6380 MSiSCSI - ok
17:10:34.0979 6380 msiserver - ok
17:10:34.0979 6380 MSKSSRV - ok
17:10:34.0995 6380 MSPCLOCK - ok
17:10:34.0995 6380 MSPQM - ok
17:10:34.0995 6380 MsRPC - ok
17:10:35.0011 6380 mssmbios - ok
17:10:35.0011 6380 MSTEE - ok
17:10:35.0011 6380 MTConfig - ok
17:10:35.0011 6380 Mup - ok
17:10:35.0026 6380 napagent - ok
17:10:35.0026 6380 NativeWifiP - ok
17:10:35.0026 6380 NDIS - ok
17:10:35.0026 6380 NdisCap - ok
17:10:35.0042 6380 NdisTapi - ok
17:10:35.0042 6380 Ndisuio - ok
17:10:35.0042 6380 NdisWan - ok
17:10:35.0042 6380 NDProxy - ok
17:10:35.0073 6380 NetBIOS - ok
17:10:35.0073 6380 NetBT - ok
17:10:35.0073 6380 Netlogon - ok
17:10:35.0073 6380 Netman - ok
17:10:35.0089 6380 netprofm - ok
17:10:35.0089 6380 netr28x - ok
17:10:35.0089 6380 NetTcpPortSharing - ok
17:10:35.0089 6380 nfrd960 - ok
17:10:35.0104 6380 NlaSvc - ok
17:10:35.0104 6380 Npfs - ok
17:10:35.0104 6380 nsi - ok
17:10:35.0104 6380 nsiproxy - ok
17:10:35.0120 6380 Ntfs - ok
17:10:35.0120 6380 Null - ok
17:10:35.0120 6380 nvraid - ok
17:10:35.0135 6380 nvstor - ok
17:10:35.0135 6380 nv_agp - ok
17:10:35.0135 6380 ohci1394 - ok
17:10:35.0135 6380 p2pimsvc - ok
17:10:35.0151 6380 p2psvc - ok
17:10:35.0151 6380 Parport - ok
17:10:35.0151 6380 partmgr - ok
17:10:35.0151 6380 PcaSvc - ok
17:10:35.0167 6380 pci - ok
17:10:35.0167 6380 pciide - ok
17:10:35.0167 6380 pcmcia - ok
17:10:35.0182 6380 pcw - ok
17:10:35.0182 6380 PEAUTH - ok
17:10:35.0182 6380 PeerDistSvc - ok
17:10:35.0182 6380 PerfHost - ok
17:10:35.0198 6380 pla - ok
17:10:35.0213 6380 PlugPlay - ok
17:10:35.0213 6380 PNRPAutoReg - ok
17:10:35.0213 6380 PNRPsvc - ok
17:10:35.0213 6380 PolicyAgent - ok
17:10:35.0229 6380 Power - ok
17:10:35.0229 6380 PptpMiniport - ok
17:10:35.0229 6380 Processor - ok
17:10:35.0245 6380 ProfSvc - ok
17:10:35.0245 6380 ProtectedStorage - ok
17:10:35.0245 6380 Psched - ok
17:10:35.0245 6380 ql2300 - ok
17:10:35.0260 6380 ql40xx - ok
17:10:35.0260 6380 QWAVE - ok
17:10:35.0260 6380 QWAVEdrv - ok
17:10:35.0260 6380 RasAcd - ok
17:10:35.0276 6380 RasAgileVpn - ok
17:10:35.0276 6380 RasAuto - ok
17:10:35.0276 6380 Rasl2tp - ok
17:10:35.0276 6380 RasMan - ok
17:10:35.0291 6380 RasPppoe - ok
17:10:35.0291 6380 RasSstp - ok
17:10:35.0291 6380 rdbss - ok
17:10:35.0307 6380 rdpbus - ok
17:10:35.0307 6380 RDPCDD - ok
17:10:35.0307 6380 RDPDR - ok
17:10:35.0307 6380 RDPENCDD - ok
17:10:35.0323 6380 RDPREFMP - ok
17:10:35.0323 6380 RDPWD - ok
17:10:35.0323 6380 rdyboost - ok
17:10:35.0338 6380 RemoteAccess - ok
17:10:35.0338 6380 RemoteRegistry - ok
17:10:35.0338 6380 RFCOMM - ok
17:10:35.0354 6380 RpcEptMapper - ok
17:10:35.0354 6380 RpcLocator - ok
17:10:35.0369 6380 RpcSs - ok
17:10:35.0369 6380 rspndr - ok
17:10:35.0369 6380 RSUSBSTOR - ok
17:10:35.0369 6380 RsvLock - ok
17:10:35.0385 6380 RTL8167 - ok
17:10:35.0385 6380 rtsuvc - ok
17:10:35.0385 6380 s3cap - ok
17:10:35.0385 6380 SafeBoot - ok
17:10:35.0401 6380 SamSs - ok
17:10:35.0401 6380 SbAlg - ok
17:10:35.0401 6380 SbFsLock - ok
17:10:35.0401 6380 sbp2port - ok
17:10:35.0416 6380 SCardSvr - ok
17:10:35.0416 6380 scfilter - ok
17:10:35.0416 6380 Schedule - ok
17:10:35.0432 6380 SCPolicySvc - ok
17:10:35.0432 6380 sdbus - ok
17:10:35.0432 6380 SDRSVC - ok
17:10:35.0432 6380 secdrv - ok
17:10:35.0447 6380 seclogon - ok
17:10:35.0447 6380 SENS - ok
17:10:35.0463 6380 SensrSvc - ok
17:10:35.0463 6380 Serenum - ok
17:10:35.0463 6380 Serial - ok
17:10:35.0479 6380 sermouse - ok
17:10:35.0479 6380 SessionEnv - ok
17:10:35.0494 6380 sffdisk - ok
17:10:35.0494 6380 sffp_mmc - ok
17:10:35.0494 6380 sffp_sd - ok
17:10:35.0494 6380 sfloppy - ok
17:10:35.0510 6380 SharedAccess - ok
17:10:35.0510 6380 ShellHWDetection - ok
17:10:35.0510 6380 SiSRaid2 - ok
17:10:35.0510 6380 SiSRaid4 - ok
17:10:35.0525 6380 SkypeUpdate - ok
17:10:35.0525 6380 Smb - ok
17:10:35.0525 6380 SNMPTRAP - ok
17:10:35.0541 6380 spldr - ok
17:10:35.0541 6380 Spooler - ok
17:10:35.0541 6380 sppsvc - ok
17:10:35.0541 6380 sppuinotify - ok
17:10:35.0557 6380 srv - ok
17:10:35.0557 6380 srv2 - ok
17:10:35.0557 6380 srvnet - ok
17:10:35.0572 6380 ssadbus - ok
17:10:35.0572 6380 ssadmdfl - ok
17:10:35.0572 6380 ssadmdm - ok
17:10:35.0588 6380 ssadserd - ok
17:10:35.0588 6380 SSDPSRV - ok
17:10:35.0603 6380 SSPORT - ok
17:10:35.0603 6380 SstpSvc - ok
17:10:35.0603 6380 STacSV - ok
17:10:35.0619 6380 stexstor - ok
17:10:35.0619 6380 STHDA - ok
17:10:35.0619 6380 StillCam - ok
17:10:35.0619 6380 stisvc - ok
17:10:35.0635 6380 storflt - ok
17:10:35.0635 6380 StorSvc - ok
17:10:35.0635 6380 storvsc - ok
17:10:35.0635 6380 swenum - ok
17:10:35.0650 6380 swprv - ok
17:10:35.0650 6380 SynTP - ok
17:10:35.0650 6380 SysMain - ok
17:10:35.0650 6380 TabletInputService - ok
17:10:35.0666 6380 TapiSrv - ok
17:10:35.0666 6380 TBS - ok
17:10:35.0666 6380 Tcpip - ok
17:10:35.0666 6380 TCPIP6 - ok
17:10:35.0681 6380 tcpipreg - ok
17:10:35.0681 6380 TDPIPE - ok
17:10:35.0681 6380 TDTCP - ok
17:10:35.0697 6380 tdx - ok
17:10:35.0713 6380 TermDD - ok
17:10:35.0713 6380 TermService - ok
17:10:35.0713 6380 Themes - ok
17:10:35.0713 6380 THREADORDER - ok
17:10:35.0728 6380 TPM - ok
17:10:35.0728 6380 TrkWks - ok
17:10:35.0728 6380 TrustedInstaller - ok
17:10:35.0728 6380 tssecsrv - ok
17:10:35.0744 6380 TsUsbFlt - ok
17:10:35.0744 6380 tunnel - ok
17:10:35.0744 6380 uagp35 - ok
17:10:35.0744 6380 uArcCapture - ok
17:10:35.0759 6380 udfs - ok
17:10:35.0759 6380 UI0Detect - ok
17:10:35.0775 6380 uliagpkx - ok
17:10:35.0775 6380 umbus - ok
17:10:35.0775 6380 UmPass - ok
17:10:35.0775 6380 UmRdpService - ok
17:10:35.0775 6380 UNS - ok
17:10:35.0791 6380 upnphost - ok
17:10:35.0791 6380 usbccgp - ok
17:10:35.0791 6380 usbcir - ok
17:10:35.0806 6380 usbehci - ok
17:10:35.0806 6380 usbhub - ok
17:10:35.0806 6380 usbohci - ok
17:10:35.0806 6380 usbprint - ok
17:10:35.0822 6380 usbscan - ok
17:10:35.0822 6380 USBSTOR - ok
17:10:35.0822 6380 usbuhci - ok
17:10:35.0837 6380 usbvideo - ok
17:10:35.0853 6380 usb_rndisx - ok
17:10:35.0853 6380 UxSms - ok
17:10:35.0853 6380 VaultSvc - ok
17:10:35.0869 6380 vcsFPService - ok
17:10:35.0869 6380 vdrvroot - ok
17:10:35.0884 6380 vds - ok
17:10:35.0884 6380 vga - ok
17:10:35.0884 6380 VgaSave - ok
17:10:35.0884 6380 vhdmp - ok
17:10:35.0900 6380 viaide - ok
17:10:35.0900 6380 vmbus - ok
17:10:35.0900 6380 VMBusHID - ok
17:10:35.0900 6380 volmgr - ok
17:10:35.0915 6380 volmgrx - ok
17:10:35.0915 6380 volsnap - ok
17:10:35.0915 6380 vpcbus - ok
17:10:35.0915 6380 vpcnfltr - ok
17:10:35.0931 6380 vpcusb - ok
17:10:35.0931 6380 vpcvmm - ok
17:10:35.0931 6380 vsmraid - ok
17:10:35.0947 6380 VSS - ok
17:10:35.0947 6380 vwifibus - ok
17:10:35.0962 6380 vwififlt - ok
17:10:35.0962 6380 vwifimp - ok
17:10:35.0962 6380 W32Time - ok
17:10:35.0978 6380 WacomPen - ok
17:10:35.0978 6380 WANARP - ok
17:10:35.0978 6380 Wanarpv6 - ok
17:10:35.0993 6380 WatAdminSvc - ok
17:10:35.0993 6380 wbengine - ok
17:10:35.0993 6380 WbioSrvc - ok
17:10:36.0009 6380 wcncsvc - ok
17:10:36.0009 6380 WcsPlugInService - ok
17:10:36.0009 6380 Wd - ok
17:10:36.0009 6380 Wdf01000 - ok
17:10:36.0025 6380 WdiServiceHost - ok
17:10:36.0025 6380 WdiSystemHost - ok
17:10:36.0025 6380 WebClient - ok
17:10:36.0025 6380 Wecsvc - ok
17:10:36.0040 6380 wercplsupport - ok
17:10:36.0040 6380 WerSvc - ok
17:10:36.0040 6380 WfpLwf - ok
17:10:36.0056 6380 WIMMount - ok
17:10:36.0056 6380 WinDefend - ok
17:10:36.0056 6380 WinHttpAutoProxySvc - ok
17:10:36.0071 6380 Winmgmt - ok
17:10:36.0071 6380 WinRM - ok
17:10:36.0071 6380 WinUSB - ok
17:10:36.0087 6380 Wlansvc - ok
17:10:36.0087 6380 wlidsvc - ok
17:10:36.0087 6380 WmiAcpi - ok
17:10:36.0103 6380 wmiApSrv - ok
17:10:36.0103 6380 WMPNetworkSvc - ok
17:10:36.0103 6380 WPCSvc - ok
17:10:36.0103 6380 WPDBusEnum - ok
17:10:36.0118 6380 ws2ifsl - ok
17:10:36.0118 6380 wscsvc - ok
17:10:36.0134 6380 WSDPrintDevice - ok
17:10:36.0134 6380 WSearch - ok
17:10:36.0134 6380 wuauserv - ok
17:10:36.0149 6380 WudfPf - ok
17:10:36.0149 6380 WUDFRd - ok
17:10:36.0149 6380 wudfsvc - ok
17:10:36.0149 6380 WwanSvc - ok
17:10:36.0181 6380 ================ Scan global ===============================
17:10:36.0181 6380 [Global] - ok
17:10:36.0181 6380 ================ Scan MBR ==================================
17:10:36.0196 6380 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:10:36.0586 6380 \Device\Harddisk0\DR0 - ok
17:10:36.0586 6380 ================ Scan VBR ==================================
17:10:36.0586 6380 ============================================================
17:10:36.0586 6380 Scan finished
17:10:36.0586 6380 ============================================================
17:10:36.0602 5516 Detected object count: 0
17:10:36.0602 5516 Actual detected object count: 0

markusg 02.06.2013 16:56

Hi,
Scan with ComboFix
WARNING to those reading along:
ComboFix should only be run when a team member has instructed you to do so!

Please download ComboFix from the following download mirror: Link
  • IMPORTANT: Save ComboFix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with ComboFix's work. ComboFix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While ComboFix is running, please do not work at the computer, move the mouse or click in the ComboFix window!
  • When ComboFix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


chouia 02.06.2013 17:12

Markus
ComboFix is currently running on the infected computer.
I would like to thank you very much already for the extensive help.
I will make sure my neighbour sends you a donation.
The log file will follow shortly... :abklatsch:

Code:

ComboFix 13-06-02.02 - NVH 02.06.2013  18:04:27.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.41.1031.18.3951.1626 [GMT 2:00]
ausgeführt von:: c:\users\NVH\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\C53167FCF9.sys
C:\Thumbs.db
c:\users\NH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\CbsProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\CbsProvider.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\DismProv.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\LogProvider.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\de-DE\OSProvider.dll.mui
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DismCorePS.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DismHost.exe
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DismProv.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\DmiProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\IntlProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\LogProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\MsiProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\OSProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\SmiProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\TransmogProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\UnattendProvider.dll
c:\users\NVH\AppData\Local\Temp\957ABF68-5495-4021-9A1A-A4693333D966\wdscore.dll
c:\users\NVH\AppData\Roaming\Microsoft\Windows\Recent\PDFCreator.url
c:\users\NVH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCont32.dll.mui
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
c:\windows\TEMP\IE1FEBA.tmp\IE10-support\ienrcore.exe
c:\windows\TEMP\IE1FEBA.tmp\SQMAPI.DLL
D:\autorun.inf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-02 bis 2013-06-02  ))))))))))))))))))))))))))))))
.
.
2013-06-02 15:19 . 2013-06-02 15:19        2155344        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-06-01 11:08 . 2013-06-01 11:08        48648        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-05-31 15:23 . 2013-06-02 15:19        48648        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-05-31 15:22 . 2013-05-31 15:22        2155344        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-31 14:49 . 2013-05-31 14:49        --------        d---a-w-        c:\program files (x86)\UtilityChest_49EI
2013-05-31 13:03 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DBD7CB5-ECDC-4138-97C7-36B9C56B60BD}\mpengine.dll
2013-05-25 10:21 . 2013-06-01 10:09        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2013-05-24 15:35 . 2013-05-24 15:35        --------        d-----w-        c:\users\NVH\AppData\Roaming\pdfforge
2013-05-24 15:35 . 2012-10-28 16:32        103936        ----a-w-        c:\windows\system32\pdfcmon.dll
2013-05-24 15:35 . 2012-05-05 08:54        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2013-05-24 15:35 . 2012-05-05 08:54        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2013-05-24 15:35 . 2013-05-31 14:53        --------        d-----w-        c:\program files (x86)\PDFCreator
2013-05-24 15:35 . 2012-05-05 08:54        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
2013-05-24 15:35 . 1998-07-06 15:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2013-05-24 15:35 . 1998-07-06 15:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2013-05-24 15:35 . 1998-07-06 15:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2013-05-24 15:24 . 2013-05-24 15:24        --------        d-----w-        c:\users\NVH\AppData\Roaming\PDF Architect
2013-05-24 15:13 . 2013-05-24 15:13        --------        d-----w-        c:\users\NVH\AppData\Local\Programs
2013-05-16 06:17 . 2013-05-05 21:36        17818624        ----a-w-        c:\windows\system32\mshtml.dll
2013-05-16 06:17 . 2013-05-05 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-16 06:17 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-05-15 08:48 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-10 07:57 . 2013-05-10 07:57        187456        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-22 14:25 . 2011-01-21 17:36        2516        --sha-w-        c:\programdata\KGyGaAvL.sys
2013-05-16 06:20 . 2011-01-26 20:04        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-15 08:33 . 2012-04-26 15:25        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 08:33 . 2011-08-16 12:22        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-08-10 08:14        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 08:48        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 08:48        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 08:48        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 08:48        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 08:48        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 08:48        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:24        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-11 08:49        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-11 08:49        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 08:49        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 08:49        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 08:49        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 08:49        112640        ----a-w-        c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"DTRun"="c:\program files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-12 343168]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-20 348664]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
c:\users\NH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-10-5 1207312]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 21:39        75320        ----a-w-        c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [2010-04-10 52736]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-06-02 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-26 1255736]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-01-13 142848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-08-20 27760]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-12 204288]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-08-20 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-20 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-08-20 465360]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [2010-05-20 677128]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-18 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-12-12 11576]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [2010-06-29 4181256]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [2010-05-20 1096968]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 BTMHID;BTMHID;c:\windows\system32\DRIVERS\btmhid.sys [2010-03-23 34048]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [2010-06-29 3232768]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2009-12-16 704512]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-29 1028096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-12-06 2350176]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:41 89216]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45667197
*Deregistered* - 45667197
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-24 09:29        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 08:33]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 06:29]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 06:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-18 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-06-10 24783624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 456704]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=110824&tt=4312_5&babsrc=HP_ss&mntrId=f0e77527000000000000e02a82555069
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bluewin.ch/
FF - prefs.js: keyword.URL - hxxp://go.web.de/tb/mff_keyurl_search/?su=
FF - user.js: general.useragent.extra.brc -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-02  18:12:55
ComboFix-quarantined-files.txt  2013-06-02 16:12
.
Vor Suchlauf: 17 Verzeichnis(se), 203'440'762'880 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 202'949'603'328 Bytes frei
.
- - End Of File - - 46291095CBFC3B59C3191D0424FD78BB
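The ComboFix report above is read by hand in this thread. As an added example that is not part of the forum post or of ComboFix itself, the following Python parses the kinds of lines a helper looks at first (Run-key values, service/driver lines and the IE start page) into records and applies a few plain triage rules: a file ComboFix marks with [X] is missing from disk, a bare executable name is resolved through PATH, a program started from AppData/ProgramData/Temp is in a user-writable location, and a start page on an unexpected host deserves a look. The sample lines are copied from the report above; the review rules and the EXPECTED_HOSTS allowlist are my own assumptions, not something ComboFix provides.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few lines copied from the ComboFix report posted above
# (two Run keys, two service lines and the IE start page). ComboFix writes "hxxp"
# for "http" so that URLs in the report are not clickable.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S0 SafeBoot;SafeBoot; [x]
uStart Page = hxxp://search.babylon.com/?affID=110824&tt=4312_5&babsrc=HP_ss
"""

# Assumption: the home page the owner actually chose (the Firefox pref in the
# same report). Any other start-page host is flagged for review.
EXPECTED_HOSTS = {"www.bluewin.ch"}

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>[^\[]*)\[(?P<meta>[^\]]*)\]$")
URL_RE = re.compile(r"^(?P<key>[um](?:Start|Default|Search) Page)\s*=\s*(?P<url>\S+)")


@dataclass
class Entry:
    kind: str             # "run", "service" or "browser"
    location: str         # registry key, service start type (R2, S0, ...) or pref name
    name: str
    command: str
    date: Optional[str] = None
    size: Optional[int] = None
    missing: bool = False  # ComboFix prints [X] when the referenced file is not on disk


def _apply_meta(entry: Entry, meta: str) -> Entry:
    """Fill date/size from the bracketed suffix, or mark the file as missing."""
    parts = meta.strip().split()
    if len(parts) == 1 and parts[0].lower() == "x":
        entry.missing = True
        return entry
    if parts:
        entry.date = parts[0]
    if len(parts) > 1 and parts[-1].isdigit():
        entry.size = int(parts[-1])
    return entry


def parse_report(text: str) -> List[Entry]:
    """Parse Run-key values, service lines and start-page prefs from report text."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(_apply_meta(Entry("run", current_key, m.group("name"), m.group("cmd").strip()), m.group("meta")))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(_apply_meta(Entry("service", m.group("start"), m.group("name"), m.group("cmd").strip()), m.group("meta")))
            continue
        m = URL_RE.match(line)
        if m:
            entries.append(Entry("browser", "IE start page", m.group("key"), m.group("url")))
    return entries


def _host(url: str) -> str:
    m = re.match(r"^[a-z]+://([^/]+)", url, re.I)
    return m.group(1).lower() if m else ""


def assess(entry: Entry) -> List[str]:
    """Review reasons for one entry (assumption: my own triage rules, not ComboFix's)."""
    reasons: List[str] = []
    if entry.kind == "browser":
        host = _host(entry.command)
        if host and host not in EXPECTED_HOSTS:
            reasons.append(f"start page points at unexpected host {host}")
        return reasons
    if entry.missing:
        reasons.append("file referenced by autostart not found on disk")
    cmd = entry.command.lower()
    if cmd and not re.match(r"^[a-z]:\\", cmd):
        reasons.append("bare executable name, resolved through PATH")
    if any(seg in cmd for seg in ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each autostart entry name to the reasons a reviewer should look at it."""
    findings: Dict[str, List[str]] = {}
    for entry in parse_report(text):
        reasons = assess(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_REPORT).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the two bare executables (LBTWIZ.EXE, KHALMNPR.EXE), the two entries marked missing and the Babylon start page are reported; the HP, TomTom and Skype entries with full paths pass. The same "user-writable location" rule is what makes the Winlogon Shell entry pointing at skype.dat in AppData\Roaming, which the OTL fix earlier in this thread removed, stand out.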


markusg 02.06.2013 17:23

No prob, and thanks.
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, enable "Perform full scan" and click Scan.
  • When the scan is finished, click "Show results".
  • Make sure all findings are checked and click "Remove selected".
  • Post the log file that opens in Notepad here in the thread.
  • Afterwards you can find the report under "Logs".

chouia 02.06.2013 18:38

Code:

2013/06/02 18:30:33 +0200        NVH-HP        NVH        MESSAGE        Starting protection
2013/06/02 18:30:33 +0200        NVH-HP        NVH        MESSAGE        Protection started successfully
2013/06/02 18:30:33 +0200        NVH-HP        NVH        MESSAGE        Starting IP protection
2013/06/02 18:31:01 +0200        NVH-HP        NVH        MESSAGE        IP Protection started successfully
2013/06/02 18:31:07 +0200        NVH-HP        NVH        MESSAGE        Starting database refresh
2013/06/02 18:31:07 +0200        NVH-HP        NVH        MESSAGE        Stopping IP protection
2013/06/02 18:31:12 +0200        NVH-HP        NVH        MESSAGE        IP Protection stopped successfully
2013/06/02 18:31:15 +0200        NVH-HP        NVH        MESSAGE        Database refreshed successfully
2013/06/02 18:31:15 +0200        NVH-HP        NVH        MESSAGE        Starting IP protection
2013/06/02 18:31:18 +0200        NVH-HP        NVH        MESSAGE        IP Protection started successfully
2013/06/02 18:36:35 +0200        NVH-HP        NVH        MESSAGE        Executing scheduled update:  Daily
2013/06/02 18:36:37 +0200        NVH-HP        NVH        MESSAGE        Database already up-to-date
2013/06/02 19:21:10 +0200        NVH-HP        (null)        MESSAGE        Starting protection
2013/06/02 19:21:10 +0200        NVH-HP        (null)        MESSAGE        Protection started successfully
2013/06/02 19:21:10 +0200        NVH-HP        (null)        MESSAGE        Starting IP protection
2013/06/02 19:21:14 +0200        NVH-HP        (null)        MESSAGE        IP Protection started successfully
2013/06/02 19:31:23 +0200        NVH-HP        (null)        MESSAGE        Starting protection
2013/06/02 19:31:23 +0200        NVH-HP        (null)        MESSAGE        Protection started successfully
2013/06/02 19:31:23 +0200        NVH-HP        (null)        MESSAGE        Starting IP protection
2013/06/02 19:31:28 +0200        NVH-HP        (null)        MESSAGE        IP Protection started successfully


markusg 02.06.2013 18:41

That's not the right one; have a look whether there are further logs. That's the protection log, not the one from the scan.

chouia 02.06.2013 18:57

Under "Logs" in the Malwarebytes program there was only this log. I'm scanning again now. It takes a while again, though. Thanks for your patience...

markusg 02.06.2013 18:58

Were there any findings in the first scan?

chouia 02.06.2013 19:11

No, luckily not...

markusg 02.06.2013 19:19

OK, then skip the scan.

Download the CCleaner standard version:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt, then open it.
Behind every program you need, write "notwendig" (needed).
Behind every one you don't need, "unnötig" (unneeded).
Behind those you don't know, "unbekannt" (unknown).
Post the list.

chouia 02.06.2013 20:03

Hopefully I got that right...

Code:

Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        29.12.2010                10.0.32.18 unnötig       
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        15.05.2013        6.00MB        11.7.700.202 unnötig       
Adobe Reader X (10.1.7) - Deutsch        Adobe Systems Incorporated        17.05.2013        169MB        10.1.7 notwendig
AMD Catalyst Install Manager        Advanced Micro Devices, Inc.        08.11.2011        22.7MB        3.0.847.0 unnötig
ArcSoft TotalMedia        ArcSoft        29.12.2010        915MB        1.0.23.26 unbekannt
ArcSoft Webcam Sharing Manager        ArcSoft        28.12.2010        7.24MB        1.0.0.26 unbekannt
Avira Antivirus Premium 2012        Avira        14.11.2012        131MB        12.1.9.1255 notwendig
Brother Driver Deployment Wizard        Brother        08.12.2012                1.09.000 unnötig
Brother MFL-Pro Suite MFC-J615W        Brother Industries, Ltd.        08.12.2012                1.0.4.0 unnötig
CCleaner        Piriform        24.05.2013                4.02 notwendig
CLX.ClubMaker        CREALOGIX        18.04.2012        191MB        2.0.12.0 notwendig
Compatibility Pack für 2007 Office System        Microsoft Corporation        11.01.2013        149MB        12.0.6612.1000 unnötig
Device Access Manager for HP ProtectTools        Hewlett-Packard        03.09.2010        10.3MB        5.0.1.5 unbekannt
Drive Encryption for HP ProtectTools        Hewlett-Packard        04.09.2010        67.9MB        5.0.4.0 unbekannt
Energy Star Digital Logo        Hewlett-Packard        28.12.2010        300KB        1.0.1 unbekannt
Face Recognition for HP ProtectTools        Hewlett-Packard        03.09.2010        57.4MB        2.02.4007 unbekannt
File Sanitizer For HP ProtectTools        Hewlett-Packard        03.09.2010        27.6MB        5.0.1.2 unbekannt
Google Chrome        Google Inc.        10.05.2012                27.0.1453.94 unnötig
Google Earth Plug-in        Google        23.03.2013        80.7MB        7.0.3.8542 unnötig
HP 3D DriveGuard        Hewlett-Packard        03.09.2010        3.28MB        4.0.4.1 unbekannt
HP Advisor        Hewlett-Packard        03.09.2010        49.2MB        3.3.9512.3162 unbekannt
HP Documentation        Hewlett-Packard        03.09.2010        1.00GB        1.6.0.0 unbekannt
HP ESU for Microsoft Windows 7        Hewlett-Packard Company        03.09.2010        17.4MB        1.1.6.1 unbekannt
HP HotKey Support        Hewlett-Packard Company        03.09.2010        13.0MB        3.5.15.1 notwendig
HP Power Assistant        Hewlett-Packard Company        03.09.2010        7.63MB        1.0.9.0 notwendig
HP Power Data        Hewlett-Packard        03.09.2010        2.39MB        1.0.31.182 unbekannt
HP ProtectTools Security Manager        Hewlett-Packard        04.09.2010        88.6MB        5.03.637 unbekannt
HP QuickLook        Hewlett-Packard Company        21.01.2011        92.6MB        3.3.1.2 unbekannt
HP QuickWeb        DeviceVM, Inc.        21.01.2011        359MB        1.0.1.63 unbekannt
HP Setup        Hewlett-Packard        03.09.2010                1.2.3557.3169 notwendig
HP SoftPaq Download Manager        Hewlett-Packard Company        03.09.2010        14.3MB        3.0.5.0 unbekannt
HP Software Framework        Hewlett-Packard Company        03.09.2010        2.34MB        4.0.39.1 unbekannt
HP Software Setup        Hewlett-Packard Company        03.09.2010        11.7MB        7.0.1.9 unbekannt
HP Support Assistant        Hewlett-Packard Company        06.08.2011        71.2MB        5.2.9.2 notwendig
HP Webcam Driver        Realtek Semiconductor Corp.        28.12.2010                6.1.7600.0024 unnötig
HP Wireless Assistant        Hewlett-Packard        03.09.2010        5.59MB        4.0.6.0 notwendig
IDT Audio        IDT        28.12.2010                1.0.6275.0
Intel(R) Management Engine Components        Intel Corporation        03.09.2010                6.0.0.1179 notwendig
Intel(R) Rapid Storage Technology        Intel Corporation        03.09.2010                9.6.0.1014 notwendig
Intel(R) Turbo Boost Technology Driver        Intel Corporation        03.09.2010                01.01.01.1007 notwendig
LightScribe System Software        LightScribe        03.09.2010        22.5MB        1.18.6.1 unnötig
Logitech SetPoint        Logitech        05.10.2011        17.0KB        4.80 benötigt
Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        02.06.2013        19.2MB        1.75.0.1300 notwendig
McAfee Security Scan Plus        McAfee, Inc.        14.02.2013        10.2MB        3.0.318.3 unnötig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        04.02.2011        38.8MB        4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        04.02.2011        2.93MB        4.0.30319 unbekannt
Microsoft Office Live Add-in 1.5        Microsoft Corporation        26.04.2012        508KB        2.0.4024.1 unnötig
Microsoft Office XP Small Business        Microsoft Corporation        10.08.2011        572MB        10.0.6626.0 unnötig
Microsoft PowerPoint Viewer        Microsoft Corporation        15.12.2012        206MB        14.0.6029.1000 notwendig
Microsoft Silverlight        Microsoft Corporation        14.03.2013        100MB        5.1.20125.0 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        03.09.2010        260KB        8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        03.09.2010        252KB        8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        07.08.2011        300KB        8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        03.09.2010        1.47MB        8.0.61000 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148        Microsoft Corporation        05.02.2011        212KB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        05.02.2011        198KB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        03.09.2010        788KB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        07.08.2011        788KB        9.0.30729.6161 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        03.09.2010        596KB        9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        07.08.2011        600KB        9.0.30729.6161 unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        10.03.2012        13.7MB        10.0.30319 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        23.06.2012        15.0MB        10.0.40219 unbekannt
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme        Microsoft Corporation        24.05.2013        132KB        12.0.4518.1014 unbekannt
MozBackup 1.5.1        Pavel Cvrcek        17.08.2011 unbekannt notwendig               
Mozilla Firefox 21.0 (x86 de)        Mozilla        24.05.2013        44.9MB        21.0 notwendig
Mozilla Maintenance Service        Mozilla        01.06.2013        331KB        17.0.5 notwendig
Mozilla Thunderbird 17.0.5 (x86 de)        Mozilla        01.06.2013        43.3MB        17.0.5 notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        05.02.2011        1.27MB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        07.02.2011        1.33MB        4.20.9876.0 unbekannt
MyPhoneExplorer        F.J. Wechselberger        09.11.2011                1.8.2 unnötig
MyTomTom 3.1.0.530        TomTom        06.05.2012                3.1.0.530
PaperPort Image Printer 64-bit        Nuance Communications, Inc.        13.01.2012        558KB        1.00.0000 unbekannt
PDFCreator        pdfforge        24.05.2013                1.6.1 unnötig
Privacy Manager for HP ProtectTools        Hewlett-Packard        03.09.2010        23.1MB        5.10.796        unknown
Private Tax 2011 1.4        Information Factory AG        01.05.2012                1.4        necessary
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter        Motorola, Inc.        28.12.2010        144MB        3.0.41.258        unknown
Ralink RT3090 802.11b/g/n WiFi Adapter        Ralink        28.12.2010                1.2.0.27        necessary
Realtek Ethernet Controller All-In-One Windows Driver        Realtek        03.09.2010                1.12.0011        necessary
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        03.09.2010                6.1.7600.30109        necessary
Samsung CLX-3300 Series        Samsung Electronics Co., Ltd.        09.02.2013                1.04 (07.07.2012)        necessary
Samsung Easy Color Manager        Samsung Electronics Co., Ltd.        12.02.2013                3.02.04        necessary
Samsung Easy Document Creator        Samsung Electronics Co., Ltd.        09.02.2013        17.3MB        1.03.13 (29.06.2012)        necessary
Samsung Easy Printer Manager        Samsung Electronics Co., Ltd.        12.02.2013                1.02.91.00 (16.01.2013)        necessary
Samsung Printer Live Update        Samsung Electronics Co., Ltd.        09.02.2013                1.01.00.04        necessary
Samsung Universal Scan Driver        Samsung Electronics Co., Ltd.        13.02.2013                1.2.6.0        necessary
SAMSUNG USB Driver for Mobile Phones        SAMSUNG Electronics Co., Ltd.        08.11.2011        42.8MB        1.4.8.0        necessary
ScanSoft PaperPort 11        Nuance Communications, Inc.        13.01.2012        146MB        11.2.0000        unknown
Skype™ 5.10        Skype Technologies S.A.        20.09.2012        19.4MB        5.10.116        unnecessary
SNS Upload for Easy Document Creator        Samsung Electronics Co.,Ltd        09.02.2013        2.02MB        1.0.0        unknown
Synaptics Pointing Device Driver        Synaptics Incorporated        04.09.2010        46.4MB        15.0.24.0        necessary
Theft Recovery        Hewlett-Packard        03.09.2010        0.99MB        5.1.0.18        necessary
U3Launcher        U3        17.08.2011        2.57MB        1.0.0        unknown
Validity Fingerprint Driver        Validity Sensors, Inc.        28.12.2010        11.0MB        4.0.10.0        necessary
Visual Studio C++ 10.0 Runtime        TomTom International B.V.        06.05.2012        1.14MB        10.0.0        necessary
Windows 7 Default Setting        Hewlett-Packard Company        03.09.2010        32.0KB        1.0.1.6        necessary
Windows Live ID Sign-in Assistant        Microsoft Corporation        03.09.2010        10.0MB        6.500.3165.0        necessary

Here is the Malwarebytes log anyway:

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.02.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
NVH :: NVH-HP [Administrator]

Schutz: Aktiviert

02.06.2013 19:48:18
mbam-log-2013-06-02 (19-48-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 429951
Laufzeit: 1 Stunde(n), 1 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


markusg 03.06.2013 12:19

Uninstall:
Adobe Flash Player (all of them)
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Security (Enhanced):
tick "Enhanced Security"
and select all files.
Internet:
everything should be disabled here; it is very unsafe to open, download etc. PDFs automatically.
It is always better to save them directly, since that is the only way to keep control over what is going on on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, select "install automatically".
Apply / OK

Uninstall:

AMD
ArcSoft: both
Compatibility
Google: both
LightScribe
McAfee
MyPhoneExplorer
PDFCreator
Skype™

Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

chouia 03.06.2013 17:53

Good evening Markus
I have made all the changes and deletions described above.
Here is the AdwCleaner log file:

Code:

# AdwCleaner v2.301 - Datei am 03/06/2013 um 18:46:42 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : NVH - NVH-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\NVH\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\NVH\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\NVH\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DeviceVM

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110824&tt=4312_5&babsrc=HP_ss&mntrId=f0e77527000000000000e02a82555069 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\prefs.js

C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4312_[...]

Datei : C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2367 octets] - [03/06/2013 18:44:25]
AdwCleaner[S1].txt - [2274 octets] - [03/06/2013 18:46:42]

########## EOF - C:\AdwCleaner[S1].txt - [2334 octets] ##########

I think I will replace Firefox with Chrome. What do you think?
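
As an added example (not part of this thread and not AdwCleaner's own code): a small Python checker that parses Firefox `user_pref()` lines like the ones AdwCleaner removed from user.js above and flags the prefs that redirect search, the start page or the new-tab page away from an allowlist. The sample lines, the allowlisted hosts and the allowlisted engine name are constructed assumptions for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample of Firefox user_pref() lines. The first four are modelled on
# the user.js entries the AdwCleaner log reported deleting (Babylon search hijack);
# the rest are prefs a clean profile may legitimately contain.
SAMPLE_PREFS = """\
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "http://search.babylon.com/?affID=110824&tt=4312_5");
user_pref("browser.startup.homepage", "http://www.bluewin.ch/");
user_pref("keyword.URL", "http://go.web.de/tb/mff_keyurl_search/?su=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.cache.disk.capacity", 358400);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Prefs whose value is a search engine *name*.
ENGINE_NAME_PREFS = ("browser.search.defaultenginename",
                     "browser.search.selectedEngine",
                     "browser.search.order.")
# Prefs whose value is a URL the browser navigates to on its own.
URL_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.newtab.url")

# What the owner of this profile actually chose (assumption for the example).
ALLOWED_ENGINES = {"Google"}
ALLOWED_HOSTS = {"www.google.com", "www.bluewin.ch"}


def parse_user_prefs(text):
    """Map pref name -> value for every user_pref() line; quoted strings lose their quotes."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        prefs[name] = raw[1:-1] if raw.startswith('"') and raw.endswith('"') else raw
    return prefs


def host_of(value):
    """Hostname of a URL-valued pref, or None if the value is not an http(s) URL."""
    if not value.startswith(("http://", "https://")):
        return None
    return urlparse(value).hostname


def find_hijack_indicators(prefs):
    """Return [(pref, reason)] for prefs that steer search, start page or new tab
    to something outside the allowlist. Everything flagged is 'review this',
    not a verdict: a legitimate toolbar can trip the same rules."""
    findings = []
    for name, value in prefs.items():
        if name.startswith("extensions.") and ".newTab" in name:
            # Extension-scoped prefs that take over the new-tab page are the
            # classic toolbar signature seen in the AdwCleaner log.
            findings.append((name, "extension overrides the new-tab page"))
        elif name.startswith(ENGINE_NAME_PREFS) and value not in ALLOWED_ENGINES:
            findings.append((name, f"selects non-allowlisted search engine {value!r}"))
        elif name.startswith(URL_PREFS):
            # The homepage pref may hold several URLs separated by '|'.
            for url in value.split("|"):
                host = host_of(url.strip())
                if host not in ALLOWED_HOSTS:
                    findings.append((name, f"points to non-allowlisted host {host}"))
    return findings


if __name__ == "__main__":
    for pref, reason in find_hijack_indicators(parse_user_prefs(SAMPLE_PREFS)):
        print(f"{pref}: {reason}")
```

On a real machine you would feed it the contents of user.js and prefs.js from the profile folder instead of SAMPLE_PREFS.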

markusg 03.06.2013 18:11

Please restart.

HitmanPro - Download - Filepony

Download HitmanPro, double-click it.
Click Scan.
Don't delete anything, click Next.
Save the log with "Save as", or export it as XML, then post it, or zip it and attach it.

chouia 03.06.2013 18:30

Code:

HitmanPro 3.7.6.201
www.hitmanpro.com

  Computer name . . . . : NVH-HP
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : NVH-HP\NVH
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-06-03 19:20:47
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 4m 28s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 250

  Objects scanned . . . : 1'731'157
  Files scanned . . . . : 13'479
  Remnants scanned  . . : 277'377 files / 1'440'301 keys

Cookies _____________________________________________________________________

  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:ad.yieldmanager.com
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:apmebf.com
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:atdmt.com
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:bs.serving-sys.com
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:doubleclick.net
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:invitemedia.com
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:revsci.net
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:serving-sys.com
  C:\Users\NH\AppData\Roaming\Mozilla\Firefox\Profiles\17x0bp83.default\cookies.sqlite:track.adform.net
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:ad.360yield.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:ad.yieldmanager.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:ad.zanox.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:ads.creative-serving.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:adtech.de
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:apmebf.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:atdmt.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:doubleclick.net
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:invitemedia.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:mediaplex.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:revsci.net
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:smartadserver.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:track.adform.net
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:tradedoubler.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:ww135.smartadserver.com
  C:\Users\NVH\AppData\Roaming\Mozilla\Firefox\Profiles\48fwzjzg.default\cookies.sqlite:zedo.com


markusg 03.06.2013 18:33

Please delete the findings and restart.

If you don't have it yet, please download OTL from Oldtimer and save it on your desktop.
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Please close all programs now. (Important)
  • Now click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt into your thread here.

chouia 03.06.2013 19:08

Code:

OTL logfile created on: 6/3/2013 7:56:32 PM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\NVH\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.32% Memory free
7.72 Gb Paging File | 5.39 Gb Available in Paging File | 69.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.62 Gb Total Space | 188.35 Gb Free Space | 78.93% Space Free | Partition Type: NTFS
Drive D: | 209.85 Gb Total Space | 176.74 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.57% Space Free | Partition Type: FAT32
 
Computer Name: NVH-HP | User Name: NVH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\NVH\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll ()
MOD - C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HpFkCryptService) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (DpHost) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe (IDT, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (HP ProtectTools Service) -- c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{66461BD5-5BF3-42DF-A434-5203D770CD6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{66461BD5-5BF3-42DF-A434-5203D770CD6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
 
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1002\..\SearchScopes\{66461BD5-5BF3-42DF-A434-5203D770CD6B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1006\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1006\..\SearchScopes,DefaultScope = {66461BD5-5BF3-42DF-A434-5203D770CD6B}
IE - HKU\S-1-5-21-3834777946-2767378379-115329810-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.bluewin.ch/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.4191
FF - prefs.js..keyword.URL: "hxxp://go.web.de/tb/mff_keyurl_search/?su="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2010/09/04 00:17:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 17:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/03 18:27:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/03 18:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 17:01:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/03 18:27:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/03 18:57:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/02/04 16:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NVH\AppData\Roaming\mozilla\Extensions
[2011/02/04 16:03:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NVH\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/05/31 16:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NVH\AppData\Roaming\mozilla\Firefox\Profiles\48fwzjzg.default\extensions
[2013/01/22 14:41:40 | 000,002,273 | ---- | M] () -- C:\Users\NVH\AppData\Roaming\mozilla\firefox\profiles\48fwzjzg.default\searchplugins\englische-ergebnisse.xml
[2013/01/22 14:41:40 | 000,010,563 | ---- | M] () -- C:\Users\NVH\AppData\Roaming\mozilla\firefox\profiles\48fwzjzg.default\searchplugins\gmx-suche.xml
[2013/01/22 14:41:40 | 000,002,432 | ---- | M] () -- C:\Users\NVH\AppData\Roaming\mozilla\firefox\profiles\48fwzjzg.default\searchplugins\lastminute.xml
[2013/01/22 14:41:40 | 000,005,545 | ---- | M] () -- C:\Users\NVH\AppData\Roaming\mozilla\firefox\profiles\48fwzjzg.default\searchplugins\webde-suche.xml
[2013/05/24 17:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/05/24 17:01:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/06/02 18:10:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1006..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1006..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1006..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1006..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin File not found
O4 - Startup: C:\Users\NH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3834777946-2767378379-115329810-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3834777946-2767378379-115329810-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3B9E93-D3FD-4828-9FE6-3CFC721D1046}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {827D5BC8-6BD1-0D23-7751-32198346002D} - Microsoft Windows Media Player
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DF384B9C-5775-8756-D865-BF4B4D37A62C} - Browser Customizations
ActiveX: {E8075BA1-503F-EBEB-2074-ACA7B227D85D} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FFA02AD5-B93E-2ADC-C863-F7AE02E6E9A2} - Browser Customizations
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/03 19:41:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NVH\Desktop\OTL.exe
[2013/06/03 19:20:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/06/03 19:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/06/03 19:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/03 18:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/06/03 18:26:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/06/03 18:19:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/03 17:48:51 | 000,000,000 | ---D | C] -- C:\Users\NVH\Desktop\CIBS POL. - Abg. Modus funktioniert nicht - Seite 2 - Trojaner-Board-Dateien
[2013/06/02 19:14:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/02 19:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2013/06/02 18:30:25 | 000,000,000 | ---D | C] -- C:\Users\NVH\AppData\Roaming\Malwarebytes
[2013/06/02 18:30:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/06/02 18:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/02 18:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/02 18:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/02 18:12:57 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/06/02 18:02:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/06/02 18:02:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/06/02 18:02:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/06/02 18:02:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/02 18:02:08 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/06/02 18:00:06 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\NVH\Desktop\ComboFix.exe
[2013/06/02 17:03:49 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\NVH\Desktop\tdsskiller.exe
[2013/05/31 16:49:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UtilityChest_49EI
[2013/05/24 17:24:09 | 000,000,000 | ---D | C] -- C:\Users\NVH\AppData\Roaming\PDF Architect
[2013/05/24 17:13:40 | 000,000,000 | ---D | C] -- C:\Users\NVH\AppData\Local\Programs
[2013/05/24 17:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/03 19:41:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NVH\Desktop\OTL.exe
[2013/06/03 19:27:51 | 000,008,774 | ---- | M] () -- C:\Users\NVH\Desktop\HitmanPro_20130603_1927.xml
[2013/06/03 19:20:45 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/03 19:19:41 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 19:19:41 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 19:16:56 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/06/03 19:16:56 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/06/03 19:16:56 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/06/03 19:16:56 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/06/03 19:16:56 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/06/03 19:12:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/03 19:12:00 | 4143,374,336 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/03 18:27:08 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/03 17:48:53 | 000,167,873 | ---- | M] () -- C:\Users\NVH\Desktop\CIBS POL. - Abg. Modus funktioniert nicht - Seite 2 - Trojaner-Board.htm
[2013/06/02 20:24:01 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/02 19:06:44 | 185,510,219 | ---- | M] () -- C:\Users\NVH\Documents\Thunderbird 17.0.5 (de) - 2013-06-02.pcv
[2013/06/02 19:04:40 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2013/06/02 18:30:15 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/02 18:10:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/06/02 18:00:57 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\NVH\Desktop\ComboFix.exe
[2013/06/02 17:03:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\NVH\Desktop\tdsskiller.exe
[2013/05/31 16:58:12 | 000,017,448 | ---- | M] () -- C:\Users\NVH\Documents\PCtippKünd.pdf
[2013/05/28 17:09:14 | 000,061,148 | ---- | M] () -- C:\Users\NVH\Documents\ER_2011mBmb12.pdf
[2013/05/26 10:47:43 | 000,767,801 | ---- | M] () -- C:\Users\NVH\Documents\318.370d_V.pdf
[2013/05/24 17:56:07 | 000,051,688 | ---- | M] () -- C:\Users\NVH\Documents\ER_2013mBkompr.pdf
[2013/05/24 17:55:56 | 000,049,595 | ---- | M] () -- C:\Users\NVH\Documents\ER_2013oBkompr.pdf
[2013/05/24 17:55:46 | 000,061,420 | ---- | M] () -- C:\Users\NVH\Documents\ER_2013mBmb14.pdf
[2013/05/24 17:40:53 | 000,049,595 | ---- | M] () -- C:\Users\NVH\Documents\ER_2013oBkomprPDF.pdf
[2013/05/24 17:40:30 | 000,061,420 | ---- | M] () -- C:\Users\NVH\Documents\ER_2013mBmb14PDF.pdf
[2013/05/24 17:40:05 | 000,051,688 | ---- | M] () -- C:\Users\NVH\Documents\ER_2013mBkomprPDF.pdf
[2013/05/22 16:25:58 | 000,002,516 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2013/05/16 08:56:27 | 000,417,248 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/06/03 19:27:51 | 000,008,774 | ---- | C] () -- C:\Users\NVH\Desktop\HitmanPro_20130603_1927.xml
[2013/06/03 19:20:45 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/06/03 18:27:08 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/03 18:27:08 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/03 17:48:50 | 000,167,873 | ---- | C] () -- C:\Users\NVH\Desktop\CIBS POL. - Abg. Modus funktioniert nicht - Seite 2 - Trojaner-Board.htm
[2013/06/02 19:05:20 | 185,510,219 | ---- | C] () -- C:\Users\NVH\Documents\Thunderbird 17.0.5 (de) - 2013-06-02.pcv
[2013/06/02 18:30:15 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/02 18:02:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/06/02 18:02:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/06/02 18:02:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/06/02 18:02:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/06/02 18:02:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/05/31 16:58:11 | 000,017,448 | ---- | C] () -- C:\Users\NVH\Documents\PCtippKünd.pdf
[2013/05/28 17:09:13 | 000,061,148 | ---- | C] () -- C:\Users\NVH\Documents\ER_2011mBmb12.pdf
[2013/05/25 12:29:11 | 000,767,801 | ---- | C] () -- C:\Users\NVH\Documents\318.370d_V.pdf
[2013/05/24 17:54:38 | 000,049,595 | ---- | C] () -- C:\Users\NVH\Documents\ER_2013oBkompr.pdf
[2013/05/24 17:54:31 | 000,051,688 | ---- | C] () -- C:\Users\NVH\Documents\ER_2013mBkompr.pdf
[2013/05/24 17:54:16 | 000,061,420 | ---- | C] () -- C:\Users\NVH\Documents\ER_2013mBmb14.pdf
[2013/05/24 17:40:52 | 000,049,595 | ---- | C] () -- C:\Users\NVH\Documents\ER_2013oBkomprPDF.pdf
[2013/05/24 17:40:30 | 000,061,420 | ---- | C] () -- C:\Users\NVH\Documents\ER_2013mBmb14PDF.pdf
[2013/05/24 17:40:04 | 000,051,688 | ---- | C] () -- C:\Users\NVH\Documents\ER_2013mBkomprPDF.pdf
[2013/02/09 16:35:16 | 000,150,944 | ---- | C] () -- C:\windows\Wiainst64.exe
[2013/02/09 16:35:01 | 001,554,336 | ---- | C] () -- C:\windows\TotalUninstaller.exe
[2012/12/14 17:28:39 | 000,008,513 | ---- | C] () -- C:\Users\NVH\lbl_3x8.lbl
[2012/12/14 17:28:39 | 000,005,662 | ---- | C] () -- C:\Users\NVH\lbl_3x8.lbv
[2012/12/14 17:28:39 | 000,000,000 | ---- | C] () -- C:\Users\NVH\lbl_3x8.~lbl
[2012/12/12 14:30:44 | 000,094,208 | ---- | C] () -- C:\windows\SysWow64\ssdevm.dll
[2012/12/08 21:01:33 | 000,000,060 | R--- | C] () -- C:\Program Files (x86)\BRINST.INI
[2012/07/09 16:28:49 | 000,000,202 | ---- | C] () -- C:\windows\CLX.WinFIBUKernel.INI
[2012/07/05 18:25:49 | 005,005,975 | ---- | C] () -- C:\Users\NVH\CLX1PreRestoreBackup20120705_182549.zip
[2012/06/26 14:10:39 | 005,002,108 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120626_141039.zip
[2012/06/22 18:34:19 | 004,996,654 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120622_183419.zip
[2012/06/22 18:09:58 | 004,996,650 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120622_180958.zip
[2012/06/07 20:01:40 | 004,989,429 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120607_200140.zip
[2012/05/28 15:08:15 | 004,988,979 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120528_150815.zip
[2012/05/28 12:44:19 | 004,980,227 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120528_124419.zip
[2012/05/16 15:51:45 | 004,932,391 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120516_155145.zip
[2012/05/13 18:15:18 | 004,927,986 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120513_181518.zip
[2012/04/30 17:50:37 | 004,927,990 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120430_175037.zip
[2012/04/27 14:13:18 | 004,918,348 | ---- | C] () -- C:\Users\NVH\CLX1Backup20120427_141318.zip
[2012/01/13 18:57:20 | 000,031,864 | ---- | C] () -- C:\windows\maxlink.ini
[2011/10/12 17:16:30 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/09/16 12:54:44 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/09/16 12:54:44 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/09/16 12:54:44 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/09/16 12:54:44 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/08/09 15:23:32 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011/01/21 19:36:47 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/08/16 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\NH\AppData\Roaming\DigitalPersona
[2011/10/05 12:04:00 | 000,000,000 | ---D | M] -- C:\Users\NH\AppData\Roaming\Leadertech
[2013/02/12 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\NH\AppData\Roaming\Samsung
[2011/08/16 18:02:15 | 000,000,000 | ---D | M] -- C:\Users\NH\AppData\Roaming\Thunderbird
[2012/10/04 11:46:02 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\Crealogix Printer Workfiles
[2011/01/21 12:43:28 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\DigitalPersona
[2012/05/01 16:12:11 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\Information Factory
[2012/11/25 17:51:07 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\PC-FAX TX
[2011/12/02 15:44:51 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\PCCleaner
[2013/05/24 17:24:09 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\PDF Architect
[2013/02/09 16:35:50 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\Samsung
[2011/08/10 12:42:04 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\SoftGrid Client
[2011/02/04 16:03:07 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\Thunderbird
[2011/02/04 15:28:26 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\TP
[2011/02/05 19:12:14 | 000,000,000 | ---D | M] -- C:\Users\NVH\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013/06/02 19:14:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/11/08 15:15:07 | 000,000,000 | ---D | M] -- C:\AMD
[2010/09/03 23:59:20 | 000,000,000 | ---D | M] -- C:\amd64
[2011/11/08 15:18:27 | 000,000,000 | ---D | M] -- C:\ATI
[2009/07/27 17:04:41 | 000,000,000 | ---D | M] -- C:\boot
[2013/06/03 18:29:03 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/09/03 23:15:15 | 000,000,000 | ---D | M] -- C:\EFI
[2013/02/13 15:44:58 | 000,000,000 | ---D | M] -- C:\FormOver
[2010/09/04 01:03:04 | 000,000,000 | ---D | M] -- C:\hp
[2011/01/21 12:45:17 | 000,000,000 | ---D | M] -- C:\HPMBackup
[2012/10/24 15:31:08 | 000,000,000 | ---D | M] -- C:\HP_RECOVERY_mountHPSF
[2011/02/04 15:33:25 | 000,000,000 | R--D | M] -- C:\MSOCache
[2012/06/16 17:47:59 | 000,000,000 | ---D | M] -- C:\Netgear
[2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/06/03 19:20:44 | 000,000,000 | R--D | M] -- C:\Program Files
[2013/06/03 19:10:38 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013/06/03 19:18:34 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013/06/02 18:12:58 | 000,000,000 | ---D | M] -- C:\Qoobox
[2012/01/23 18:53:14 | 000,000,000 | ---D | M] -- C:\Signaturen
[2011/08/06 18:34:30 | 000,000,000 | ---D | M] -- C:\swsetup
[2013/06/03 19:57:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/02/07 19:41:24 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2011/11/08 16:16:02 | 000,000,000 | ---D | M] -- C:\Temp
[2013/02/12 17:15:12 | 000,000,000 | R--D | M] -- C:\Users
[2013/06/03 18:34:47 | 000,000,000 | ---D | M] -- C:\Windows
[2010/09/03 23:59:20 | 000,000,000 | ---D | M] -- C:\x86
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009/07/14 07:08:49 | 000,032,592 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/09/04 00:33:35 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/09/04 00:26:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/09/04 00:33:35 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/09/04 00:26:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/09/04 00:33:35 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/09/04 00:26:24 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/09/04 00:33:35 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/09/04 00:26:24 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 05:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\swsetup\Drivers\32\HDD\iaStor.sys
[2010/03/04 05:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\swsetup\INTELRST\Drivers\x32\iaStor.sys
[2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\Drivers\64\HDD\iaStor.sys
[2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\INTELRST\Drivers\x64\iaStor.sys
[2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\drivers\iaStor.sys
[2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/04 05:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/05/12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/05/12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/09/04 00:33:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/09/04 00:33:35 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012/04/27 14:13:21 | 004,918,348 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120427_141318.zip
[2012/04/30 17:50:40 | 004,927,990 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120430_175037.zip
[2012/05/13 18:15:21 | 004,927,986 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120513_181518.zip
[2012/05/16 15:51:48 | 004,932,391 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120516_155145.zip
[2012/05/28 12:44:23 | 004,980,227 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120528_124419.zip
[2012/05/28 15:08:18 | 004,988,979 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120528_150815.zip
[2012/06/07 20:01:43 | 004,989,429 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120607_200140.zip
[2012/06/22 18:10:02 | 004,996,650 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120622_180958.zip
[2012/06/22 18:34:22 | 004,996,654 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120622_183419.zip
[2012/06/26 14:10:43 | 005,002,108 | ---- | M] () -- C:\Users\NVH\CLX1Backup20120626_141039.zip
[2012/07/05 18:25:52 | 005,005,975 | ---- | M] () -- C:\Users\NVH\CLX1PreRestoreBackup20120705_182549.zip
[2012/12/14 17:28:39 | 000,008,513 | ---- | M] () -- C:\Users\NVH\lbl_3x8.lbl
[2012/12/14 17:28:39 | 000,005,662 | ---- | M] () -- C:\Users\NVH\lbl_3x8.lbv
[2012/12/14 17:28:39 | 000,000,000 | ---- | M] () -- C:\Users\NVH\lbl_3x8.~lbl
[2013/06/03 20:00:03 | 002,097,152 | -HS- | M] () -- C:\Users\NVH\ntuser.dat
[2013/06/03 20:00:03 | 000,262,144 | -HS- | M] () -- C:\Users\NVH\ntuser.dat.LOG1
[2011/01/21 12:43:02 | 000,000,000 | -HS- | M] () -- C:\Users\NVH\ntuser.dat.LOG2
[2011/01/21 13:13:45 | 000,065,536 | -HS- | M] () -- C:\Users\NVH\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011/01/21 13:13:45 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011/01/21 13:13:45 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012/10/29 15:41:20 | 000,065,536 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{2eca94fd-21ce-11e2-a349-bc0e2cdbb055}.TM.blf
[2012/10/29 15:41:20 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{2eca94fd-21ce-11e2-a349-bc0e2cdbb055}.TMContainer00000000000000000001.regtrans-ms
[2012/10/29 15:41:20 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{2eca94fd-21ce-11e2-a349-bc0e2cdbb055}.TMContainer00000000000000000002.regtrans-ms
[2012/11/03 17:32:52 | 000,065,536 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{93689ed4-25cb-11e2-a3cc-a81ad3be8455}.TM.blf
[2012/11/03 17:32:52 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{93689ed4-25cb-11e2-a3cc-a81ad3be8455}.TMContainer00000000000000000001.regtrans-ms
[2012/11/03 17:32:52 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{93689ed4-25cb-11e2-a3cc-a81ad3be8455}.TMContainer00000000000000000002.regtrans-ms
[2011/02/07 19:43:49 | 000,065,536 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{9a11eaee-321e-11e0-b6f6-cbfc18ae0421}.TM.blf
[2011/02/07 19:43:49 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{9a11eaee-321e-11e0-b6f6-cbfc18ae0421}.TMContainer00000000000000000001.regtrans-ms
[2011/02/07 19:43:49 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{9a11eaee-321e-11e0-b6f6-cbfc18ae0421}.TMContainer00000000000000000002.regtrans-ms
[2013/03/26 19:42:33 | 000,065,536 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{ad66ba46-962e-11e2-ae89-df479dcbf92c}.TM.blf
[2013/03/26 19:42:33 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{ad66ba46-962e-11e2-ae89-df479dcbf92c}.TMContainer00000000000000000001.regtrans-ms
[2013/03/26 19:42:33 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{ad66ba46-962e-11e2-ae89-df479dcbf92c}.TMContainer00000000000000000002.regtrans-ms
[2013/05/16 08:54:13 | 000,065,536 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{f8193aaa-b336-11e2-891a-c5e142c82e55}.TM.blf
[2013/05/16 08:54:13 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{f8193aaa-b336-11e2-891a-c5e142c82e55}.TMContainer00000000000000000001.regtrans-ms
[2013/05/16 08:54:13 | 000,524,288 | -HS- | M] () -- C:\Users\NVH\ntuser.dat{f8193aaa-b336-11e2-891a-c5e142c82e55}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 16:09:59 | 000,000,020 | -HS- | M] () -- C:\Users\NVH\ntuser.ini
[2011/02/04 15:37:35 | 000,000,000 | ---- | M] () -- C:\Users\NVH\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

I can't find Extra.txt anywhere. Sorry

No extra.txt was generated on the 2nd scan either

markusg 03.06.2013 19:42

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe File not found
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1002..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1006..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKU\S-1-5-21-3834777946-2767378379-115329810-1006..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -update plugin File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]

  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.
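The entries removed by the fix above are all orphaned autostart values: Run/RunOnce registry entries that still point at a binary which no longer exists (OTL marks them "File not found"). The script below is an added example, not code from the thread or from OTL, that reproduces that check in PowerShell: it walks the same keys OTL reports in its O4 section (HKLM in both the 64-bit and Wow6432Node views, plus the Run/RunOnce keys of every loaded user hive under HKEY_USERS\S-1-5-21-...), extracts the executable from each command line and reports which targets are missing. It assumes an elevated PowerShell prompt (2.0 or later) on the machine being examined; the function names are the example's own.

```powershell
# Added example: find orphaned Run/RunOnce autostart entries ("File not found" in OTL's O4 lines).
# Assumes an elevated PowerShell prompt on the machine being checked. Not part of OTL.

function Get-AutorunTarget {
    # Extract the executable path from a Run value's command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        # Quoted form: "C:\Program Files (x86)\Vendor\tool.exe" -args
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted form: keep everything up to and including the first ".exe", so a path
    # containing spaces survives (e.g. ...\LightScribeControlPanel.exe -hidden).
    $m = [regex]::Match($cmd, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    # Anything else: first whitespace-delimited token.
    return ($cmd -split '\s+')[0]
}

function Test-AutorunTarget {
    # A path is checked directly; a bare name such as LBTWIZ.EXE is looked up on PATH,
    # which is how the loader would resolve such an entry.
    param([string]$Target)
    if ($Target -match '[\\/]') { return (Test-Path -LiteralPath $Target) }
    return [bool](Get-Command $Target -ErrorAction SilentlyContinue)
}

function Get-AutorunEntries {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',               # O4:64bit: HKLM..\Run
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # O4 - HKLM..\Run (32-bit view)
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Per-user keys for every loaded profile hive, matching OTL's HKU\S-1-5-21-... lines.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem 'HKU:\') {
        if ($hive.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$') {
            $keys += "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
            $keys += "HKU:\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\RunOnce"
        }
    }

    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath, PSChildName, PSDrive, PSProvider; skip those.
            if ($p.Name -like 'PS*') { continue }
            $target = Get-AutorunTarget ([string]$p.Value)
            $status = 'ok'
            if (-not (Test-AutorunTarget $target)) { $status = 'File not found' }
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $p.Name
                Command = $p.Value
                Target  = $target
                Status  = $status
            }
        }
    }
}

# Print only the orphans; each row corresponds to one O4 line a fix would delete.
Get-AutorunEntries | Where-Object { $_.Status -eq 'File not found' } |
    Format-Table Key, Name, Command -AutoSize -Wrap
```

An orphaned entry is harmless by itself, but it is also the classic place where a dropper parks its own file name, so review the full list (drop the `Where-Object` filter) rather than only the missing ones, and compare each `Target` against what the vendor actually installs before deleting anything.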

chouia 03.06.2013 19:55

Markus
Neither Firefox nor IE has unwanted toolbars or visible redirects.
Both browsers run normally. PC and programs run well so far.
Code:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DTRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3834777946-2767378379-115329810-1002\Software\Microsoft\Windows\CurrentVersion\Run\\LightScribe Control Panel deleted successfully.
File C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe not found.
Registry value HKEY_USERS\S-1-5-21-3834777946-2767378379-115329810-1006\Software\Microsoft\Windows\CurrentVersion\Run\\KiesPDLR deleted successfully.
File C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found.
Registry value HKEY_USERS\S-1-5-21-3834777946-2767378379-115329810-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
File C:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe -update not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
 
User: NH
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NVH
->Temp folder emptied: 56187449 bytes
->Temporary Internet Files folder emptied: 1406092 bytes
->FireFox cache emptied: 22168410 bytes
->Flash cache emptied: 506 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30974 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5766 bytes
 
Total Files Cleaned = 76.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_204953

Files\Folders moved on Reboot...
C:\Users\NVH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


markusg 03.06.2013 20:35

Hi,
When I hear the words "so far", I have to ask whether there is still something wrong :-)

chouia 03.06.2013 21:18

Hello Markus
I have now opened every program at least once and restarted the PC several times. Everything runs perfectly.
Many thanks for your help and, as I said, a donation will follow.
Regards & good night
George

markusg 03.06.2013 21:46

Hi,
Open OTL, click Cleanup ("Bereinigen"); the PC restarts and the removal tools are deleted.
Delete any remaining logs, setups and programs we used.
Securing the PC:
As an anti-malware program I would recommend Emsisoft.
For me it offers the best protection, but it costs something.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment processing or similarly important things such as work, i.e. if sensitive data needs protecting, you should invest in security software.
Before activating the license, use up the 30-day trial period.

Free, but not quite as good, Avast would be a recommendation.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I'll give configuration hints.
Please uninstall your current AV.
The following guide is extensive, I know, but it should be followed, because only then is your PC secure. Ask as many questions as necessary, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section Windows Vista and Windows 7.
Please begin by installing Windows Updates.
The easiest way is via Start, Search, and typing Windows Update there.
Under "Change settings" check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If that happens, you must again go via Start, Search, Windows Update, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
http://support.google.com/chrome/bin...&answer=118663
Please read the guide.
If you want to use a different one, tell me, then I'll have to adapt parts of the following guide.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, also work through it:
Sandbox Settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There click Sandbox Settings.
Under Restrictions, at Start/Run Access and Internet Access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There enable everything except sharing the entire profile folder.
As you may have noticed, you cannot use some of the functions.
These are only available in the full version, which I recommend you buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser" or right-click, Run Sandboxed.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
Note on FileHippo:
In the settings additionally select:
Hide beta updates.
Run Update Checker when Windows starts

Backup program:
My guide already links a backup program; as an alternative there is also Windows' own backup program:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely also install a backup program, because it can be very important under some circumstances, for example when the hard disk fails.

Finally, observe the general security tips, follow the tip on online banking if it applies to you, and change all passwords.
Please also read how to make programs visible to all users:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on only surf in the standard user account, and there in the sandbox.
If you use the free version, click Sandboxed Web Browser; if you have the paid version, you can set forced programs, then Sandboxie always starts when you open a browser.
When you move the mouse over the browser, it should be framed; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords.
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm user guide: password manager, managing passwords and personal data

chouia 04.06.2013 14:26

Hi Markus
I have implemented all recommendations except "Sandboxie".
I bought and installed Emsisoft Anti-Malware 7. Which special settings do I need to be aware of?
Regards
George

markusg 04.06.2013 14:29

What's the problem with Sandboxie? It is an important component in protecting you against attacks that come via the Internet.
The sandbox would have prevented this infection with 99% certainty.

Open Emsisoft, click Settings.
Scheduled scan.
Choose "Start at"; I personally have monthly, but you can also set weekly.
Choose the time, and for monthly also the date.
Invisible, if you don't want to see the scan window.
And "catch up on missed scans".
Auto update:
Interval: daily, hourly, from 00:00 to 23:59,
meaning updates every hour.
Setting: Update
Join the Anti-Malware Network.
Don't tick the other two, beta updates and additional languages.

The rest stays as it is.
Now click Guard:
there, on Guard.
Enable behavior analysis, select everything.
Now on Alerts:
Enable community-based alert reduction there.
That is one of the reasons the Anti-Malware Network exists.
Community-based alert reduction concerns the behavior analysis.
Emsisoft issues alerts for some programs because the program's behavior makes that necessary.
Since some users are not familiar with this, which is no disgrace :-), it is checked how many users have allowed or blocked program X.
Here we currently have 90% set, so if 90% say the program is OK, an allow rule is created; if they say program X is malicious, it is automatically blocked.
If you trust yourself to handle this alone, you don't have to tick the box.
If, for example, only 70% of all users say program X is good or malicious, this is shown to you in a graphic.
Now on File Guard.
Default action for detected objects: alert.
Surf Protection:
Here set everything to block with notification.
If a site gets blocked by mistake, you can allow it directly via the popup that appears on blocking, or via host rules.
If you don't like these info popups you must set everything to block invisibly, but remember to check, if a site does not load, whether Emsi has blocked it.

That's it, I hope it was understandable.

chouia 04.06.2013 14:34

Markus
Sandboxie is coming. I just haven't had the time yet.

markusg 04.06.2013 14:35

Ah, I see, just wanted to ask :-)

chouia 04.06.2013 16:03

So now Sandboxie is installed as well and configured according to the guides.
Anything missing?

markusg 04.06.2013 16:18

Hi
First I'd like to check with a checklist whether you have everything.
- install optional and important updates.
- configure Windows Update.
- enable DEP for all processes.
- enable SEHOP.
- install Chrome.
- install Sandboxie.
- disable Autorun.
- install Panda Vaccine.
- install Secunia.
- install FileHippo.
Note:
Secunia and FileHippo offer English updates; wherever you access the user interface, e.g. reader, browser, etc., you need German updates, so save the manufacturers' pages in your browser's favorites and, when an update is shown, get it from there. For Java, Flash, QuickTime it doesn't matter whether German or English.
- install backup software, create a backup and a rescue DVD.
Here's a short guide:
Guide: system image with Paragon Drive Backup - NETZWELT

- if you do online banking, I can briefly say something about the advantages of card readers and banking software.
- password manager installed.
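Four items on this checklist, and in the hardening guide earlier in the thread (Windows Update set to install automatically every day, DEP for all processes, SEHOP, Autorun disabled), are plain Windows settings that can be verified without clicking through the GUI. The script below is an added example, not code from the thread or from the linked guides: it reads the registry and WMI values those GUI steps write and prints a pass/fail table. Assumptions: Windows Vista/7, an elevated PowerShell prompt, and that the guide's Autorun step sets `NoDriveTypeAutoRun` to 0xFF (the usual way to disable AutoRun for all drive types); the third-party items (Chrome, Sandboxie, Secunia, FileHippo, backup software) are not covered.

```powershell
# Added example: audit the Windows-side items of the checklist above.
# Assumes Windows Vista/7 and an elevated PowerShell prompt. Not from the thread or guides.

function Get-RegValue {
    # Returns the registry value, or $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function New-CheckResult {
    param([string]$Check, [string]$Expected, $Actual, [bool]$Pass)
    New-Object PSObject -Property @{ Check = $Check; Expected = $Expected; Actual = "$Actual"; Pass = $Pass }
}

function Test-HardeningChecklist {
    # Windows Update: AUOptions 4 = download and install automatically;
    # ScheduledInstallDay 0 = every day; ScheduledInstallTime holds the chosen hour (0-23).
    $au  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $opt = Get-RegValue $au 'AUOptions'
    $day = Get-RegValue $au 'ScheduledInstallDay'
    New-CheckResult 'Windows Update: install automatically, daily' 'AUOptions=4, ScheduledInstallDay=0' `
        "AUOptions=$opt, ScheduledInstallDay=$day" (($opt -eq 4) -and ($day -eq 0))

    # DEP "for all programs and services" is the OptOut policy (bcdedit: nx OptOut). WMI exposes it as
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut.
    $dep = (Get-WmiObject -Class Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    New-CheckResult 'DEP for all processes (OptOut or AlwaysOn)' '3 or 1' $dep (($dep -eq 3) -or ($dep -eq 1))

    # SEHOP (KB956607): enabled when DisableExceptionChainValidation is 0.
    # On client Windows the value is absent by default, which means SEHOP is off; $null -eq 0 is false here.
    $sehop = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel' 'DisableExceptionChainValidation'
    New-CheckResult 'SEHOP enabled' 'DisableExceptionChainValidation=0' $sehop ($sehop -eq 0)

    # Autorun: NoDriveTypeAutoRun 0xFF (255) disables AutoRun for every drive type machine-wide.
    # (The same value under HKCU\...\Policies\Explorer is also honoured for the current user.)
    $ar = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun'
    New-CheckResult 'AutoRun disabled for all drive types' 'NoDriveTypeAutoRun=255' $ar ($ar -eq 255)
}

Test-HardeningChecklist | Format-Table Check, Expected, Actual, Pass -AutoSize
```

A failing DEP row means the boot configuration, not a registry key, needs changing (`bcdedit /set nx OptOut` from an elevated prompt, followed by a reboot); the other three rows point at the exact value to correct.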

chouia 13.06.2013 00:48

Hi Markus
It took a while, but the checklist is now done and everything is as you suggested.
Many thanks for everything.
Kind regards
George

markusg 13.06.2013 11:15

Very good. I'd also like to point out the option of donating; that is how we keep the forum running.


All times are in WEZ +1.

Copyright ©2000-2025, Trojaner-Board

