Trojaner-Board - Sparkassen Trojaner Entfernen

Hallo,
Habe Oldtimer schon, Konto ist auch schon gesperrt habe ich auch geschireben. Hier ist der Auszug den OTL mir gibt:OTL Logfile:

Code:

OTL Extras logfile created on: 28.11.2011 17:39:49 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\W7Test\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,87% Memory free

8,00 Gb Paging File | 5,96 Gb Available in Paging File | 74,55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232,79 Gb Total Space | 165,19 Gb Free Space | 70,96% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 1397,26 Gb Total Space | 1210,21 Gb Free Space | 86,61% Space Free | Partition Type: NTFS

 

Computer Name: W7TEST-PC | User Name: W7Test | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.reg [@ = regfile] -- "regedit.exe" "%1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.reg [@ = regfile] -- "regedit.exe" "%1"

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- "regedit.exe" "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- "regedit.exe" "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{17118574-A5FD-4323-B005-311326F748B3}" = AVG 2011

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{6109D717-F3F7-4880-A790-45FDB84FF21C}" = AVG 2011

"{69B9EA74-CEF1-3AE9-FE26-3BB5601E29A6}" = ccc-utility64

"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding

"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes

"{6DC8FF97-A9CF-02F2-8FC1-F5E1B69A34E3}" = AMD AVIVO64 Codecs

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{A134DC03-2C81-C8D2-5476-D7D9AD3F43CC}" = AMD Catalyst Install Manager

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FB2DC25C-BF52-CA8A-9957-52FBAD4E955C}" = AMD Media Foundation Decoders

"AVG" = AVG 2011

"ImDisk" = ImDisk Virtual Disk Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{17BD95E5-2A54-0A2B-82D4-AC782217B3F8}" = CCC Help Thai

"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding

"{1C78514A-5E5A-E653-1271-DAC1744206E3}" = HydraVision

"{203FB0BF-C26B-A69C-E603-E3FB448EFB9B}" = CCC Help Greek

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22

"{3000829F-3C20-16B9-EBF0-9665BD349DF1}" = Catalyst Control Center Graphics Previews Common

"{354D756E-C1C4-7ABF-CC12-8DBA3A782625}" = CCC Help Norwegian

"{3D2AD820-0C15-C863-F056-5501091E9B85}" = CCC Help Spanish

"{3F101706-5B5F-99A7-59EE-1CF037FC2A10}" = CCC Help Czech

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{54054F2E-03B7-2907-3452-3DB1EB85E973}" = CCC Help Dutch

"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV

"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5D237863-D917-17B9-1645-713A41FB8CC0}" = CCC Help Turkish

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6F95709A-B60B-B099-AF6E-32FB078B0DFA}" = CCC Help French

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{762F16BC-88B5-9689-4191-353FD630DA98}" = CCC Help Japanese

"{7799BE29-0992-5FD9-5C44-17843E39A7AB}" = Catalyst Control Center Localization All

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A0E891F-DA67-4305-BB8C-B2F2F58FEC05}" = Brother MFC-465CN

"{81E6A0C5-53BA-91C4-E381-BAD1A3F1B04B}" = CCC Help English

"{85030773-2A43-8ACE-F6FD-29958AE19924}" = CCC Help Italian

"{89F0F75F-A226-0399-053D-61448AA4E6F8}" = CCC Help Portuguese

"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 

"{909E265A-037A-9177-248B-CF1B04D9DBB6}" = Application Profiles

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"{99F1ADE8-AF52-58B6-9F72-0D88ED512616}" = CCC Help Russian

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{B4164865-081E-5539-FE40-FA24A909AB30}" = CCC Help Danish

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BD9A4DF3-727C-4F69-807A-B82566A36714}" = Trust WB-3400T Webcam 

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DF112B8F-D0B5-3421-BDF1-76CC3A8504A5}" = CCC Help German

"{E089C847-6667-BDA0-A9A3-42C79748E291}" = CCC Help Polish

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{E8E5C24D-C43D-32F9-9F10-A7113F5D16F8}" = CCC Help Korean

"{E9876984-35CE-4D31-2408-86154AD2AB91}" = CCC Help Swedish

"{EBC5D379-7166-D9C6-1FB7-CB1658E125D1}" = CCC Help Chinese Traditional

"{ED082826-CCAC-1F22-67B3-40E6149AB56C}" = CCC Help Finnish

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F31B5936-E765-BF72-EB28-AF4E71966842}" = CCC Help Chinese Standard

"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro

"{F5DB4726-E7D3-2400-13F9-C470A3C9FD1F}" = Catalyst Control Center

"{FC384AF3-A370-2EE7-3F65-965C3819780B}" = Catalyst Control Center InstallProxy

"{FCBEFF93-3A91-F55E-4CB6-DD6E30B84964}" = CCC Help Hungarian

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"EAX Unified" = EAX Unified

"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)

"PunkBusterSvc" = PunkBuster Services

"Reason5_is1" = Reason 5.0

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions

"Xfire" = Xfire (remove only)

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 27.11.2011 10:10:00 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 2028

 

Error - 27.11.2011 10:10:01 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 27.11.2011 10:10:01 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3026

 

Error - 27.11.2011 10:10:01 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3026

 

Error - 27.11.2011 10:10:02 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 27.11.2011 10:10:02 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4040

 

Error - 27.11.2011 10:10:02 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4040

 

Error - 27.11.2011 10:10:03 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 27.11.2011 10:10:03 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5039

 

Error - 27.11.2011 10:10:03 | Computer Name = W7Test-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5039

 

[ Media Center Events ]

Error - 22.08.2011 05:23:37 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 11:23:37 - Fehler beim Herstellen der Internetverbindung.  11:23:37 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 22.08.2011 06:23:57 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 12:23:56 - Fehler beim Herstellen der Internetverbindung.  12:23:56 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 22.08.2011 09:25:18 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 15:25:17 - Fehler beim Herstellen der Internetverbindung.  15:25:17 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 01.09.2011 10:06:41 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 16:06:40 - Fehler beim Herstellen der Internetverbindung.  16:06:40 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 01.09.2011 11:17:06 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 17:17:05 - Fehler beim Herstellen der Internetverbindung.  17:17:05 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 06.09.2011 11:25:17 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 17:25:17 - Fehler beim Herstellen der Internetverbindung.  17:25:17 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 16.09.2011 10:55:54 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 16:55:54 - Fehler beim Herstellen der Internetverbindung.  16:55:54 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 26.09.2011 11:07:18 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 17:07:17 - Fehler beim Herstellen der Internetverbindung.  17:07:17 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 26.09.2011 12:07:24 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 18:07:23 - Fehler beim Herstellen der Internetverbindung.  18:07:23 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 06.10.2011 11:32:45 | Computer Name = W7Test-PC | Source = MCUpdate | ID = 0

Description = 17:32:44 - Fehler beim Herstellen der Internetverbindung.  17:32:44 

-     Serververbindung konnte nicht hergestellt werden..  

 

[ System Events ]

Error - 27.11.2011 12:44:43 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 27.11.2011 12:45:07 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ntiomin

 

Error - 27.11.2011 16:36:30 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 27.11.2011 16:37:30 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ntiomin

 

Error - 28.11.2011 07:12:31 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 28.11.2011 07:13:25 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ntiomin

 

Error - 28.11.2011 11:58:42 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 28.11.2011 11:59:36 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ntiomin

 

Error - 28.11.2011 12:15:42 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%2

 

Error - 28.11.2011 12:16:08 | Computer Name = W7Test-PC | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   ntiomin

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 28.11.2011 17:39:49 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\W7Test\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,87% Memory free

8,00 Gb Paging File | 5,96 Gb Available in Paging File | 74,55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232,79 Gb Total Space | 165,19 Gb Free Space | 70,96% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive E: | 1397,26 Gb Total Space | 1210,21 Gb Free Space | 86,61% Space Free | Partition Type: NTFS

 

Computer Name: W7TEST-PC | User Name: W7Test | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.11.28 17:25:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\W7Test\Downloads\OTL.exe

PRC - [2011.11.28 17:19:54 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\W7Test\AppData\Local\Temp\RWS7703.exe

PRC - [2011.09.29 21:06:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe

PRC - [2011.09.08 16:27:01 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011.09.08 16:27:01 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011.05.21 15:46:37 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.09.24 02:58:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010.12.07 13:20:32 | 000,011,264 | ---- | M] (Olof Lagerkvist) [Disabled | Stopped] -- C:\Windows\SysNative\imdsksvc.exe -- (ImDskSvc)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011.11.14 20:19:38 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.09.29 21:06:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.09.01 08:17:00 | 001,025,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.09.24 03:58:12 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011.09.24 02:19:14 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011.05.27 18:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV:64bit: - [2011.04.04 23:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011.03.30 00:13:00 | 000,033,656 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)

DRV:64bit: - [2011.03.19 20:22:30 | 000,024,960 | ---- | M] (Redcl0ud) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xbcd.sys -- (XBCD)

DRV:64bit: - [2011.03.16 15:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011.03.01 13:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011.02.22 07:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV:64bit: - [2011.02.10 06:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV:64bit: - [2011.01.07 05:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2010.12.07 13:20:35 | 000,034,776 | ---- | M] (Olof Lagerkvist) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\imdisk.sys -- (ImDisk)

DRV:64bit: - [2010.12.07 11:27:01 | 000,017,360 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\awealloc.sys -- (AWEAlloc)

DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 03:03:44 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.10.31 07:54:56 | 000,012,024 | ---- | M] (ZoneOS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zsport.sys -- (zonescreen)

DRV:64bit: - [2010.09.22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2010.05.25 14:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2010.05.25 14:59:24 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)

DRV:64bit: - [2010.05.25 14:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2010.05.25 14:59:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2010.05.25 14:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2009.10.28 11:10:02 | 000,346,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.06.10 16:59:32 | 000,024,576 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RPGMOUSEV1.sys -- (KMWDFILTERV1)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)

DRV:64bit: - [2008.08.06 17:08:46 | 001,077,760 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGUx64.sys -- (A5AGU)

DRV:64bit: - [2008.07.31 19:45:44 | 000,024,328 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)

DRV:64bit: - [2008.07.02 13:58:50 | 000,031,624 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)

DRV:64bit: - [2007.10.19 10:37:56 | 000,543,232 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ltn_stk7070P_64.sys -- (Ltn_stk7070P_64)

DRV:64bit: - [2007.05.14 09:25:56 | 000,573,952 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)

DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)

DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100842&mntrId=00c388c600000000000000012e2724e0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 94 51 67 B5 E5 CB 01  [binary data]

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()

IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found

IE - HKCU\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=00c388c600000000000000012e2724e0&tlver=1.4.35.10&affID=100842"

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011.10.22 01:24:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.05.12 17:13:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.08 16:27:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2011.03.27 12:00:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W7Test\AppData\Roaming\mozilla\Extensions

[2011.10.22 15:04:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\W7Test\AppData\Roaming\mozilla\Firefox\Profiles\yh1io34k.default\extensions

[2011.05.28 16:07:40 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\W7Test\AppData\Roaming\mozilla\Firefox\Profiles\yh1io34k.default\extensions\cacaoweb@cacaoweb.org

[2011.10.01 18:20:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.04.17 12:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\W7TEST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YH1IO34K.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI

() (No name found) -- C:\USERS\W7TEST\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YH1IO34K.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI

[2011.09.08 16:27:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.22 14:58:08 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.09.29 17:20:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.11.23 21:34:43 | 000,001,084 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com

O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com

O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com

O1 - Hosts: 127.0.0.1       orbitservice.ubi.com

O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com

O1 - Hosts: 74.208.105.171 gs.apple.com 

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()

O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AAD214C-89C2-4090-B831-6CF2D50004D0}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\avgsecuritytoolbar - No CLSID value found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found

O29 - HKLM SecurityProviders - (credssp.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{20c112b4-74df-11e0-9903-00012e2724e0}\Shell - "" = AutoRun

O33 - MountPoints2\{20c112b4-74df-11e0-9903-00012e2724e0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.24 20:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Biet-O-Matic

[2011.11.21 22:34:35 | 000,000,000 | ---D | C] -- C:\Users\W7Test\Documents\GTA San Andreas User Files

[2011.11.16 20:40:57 | 000,000,000 | ---D | C] -- C:\Users\W7Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ

[2011.11.16 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ

[2011.11.16 20:40:53 | 000,000,000 | ---D | C] -- C:\Users\W7Test\Documents\VirtualDJ

[2011.11.16 20:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ

[2011.11.16 19:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.11.16 19:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.11.16 19:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2011.11.16 19:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.11.16 19:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2011.11.16 19:10:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.11.16 19:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2011.11.16 18:58:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.11.12 21:02:03 | 000,000,000 | ---D | C] -- C:\Users\W7Test\AppData\Roaming\BOM

[2011.11.06 18:17:14 | 000,000,000 | ---D | C] -- C:\Users\W7Test\AppData\Local\Activision

[2011.11.06 13:30:53 | 000,000,000 | ---D | C] -- C:\Users\W7Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2011.11.06 13:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

[2011.11.06 13:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam

[2011.11.06 11:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam

[2011.11.05 11:32:53 | 000,000,000 | ---D | C] -- C:\Users\W7Test\AppData\Roaming\NetSpeedMonitor

[2011.11.05 11:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor

[2011.11.03 14:26:27 | 000,000,000 | ---D | C] -- C:\Users\W7Test\AppData\Local\Rockstar Games

[2011.10.31 12:10:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Users\W7Test\taskmgr.exe

[2011.10.31 12:10:34 | 000,000,000 | RHSD | C] -- C:\Users\W7Test\M-1-52-5782-8752-5245

[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.28 17:23:12 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.28 17:23:12 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.28 17:21:42 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.11.28 17:21:42 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.11.28 17:21:42 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.11.28 17:21:42 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.11.28 17:21:42 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.11.28 17:15:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.28 17:15:36 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.28 13:00:14 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.11.28 13:00:14 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.11.28 12:59:33 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2011.11.28 12:33:58 | 000,000,000 | ---- | M] () -- C:\Users\W7Test\AppData\Local\prvlcl.dat

[2011.11.28 12:18:49 | 139,220,709 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2011.11.23 21:34:43 | 000,001,084 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011.11.23 20:25:51 | 000,074,416 | ---- | M] () -- C:\Users\W7Test\Desktop\Unbenannt.PNG

[2011.11.19 22:36:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011.11.17 16:59:13 | 004,977,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.11.16 20:41:36 | 000,001,442 | ---- | M] () -- C:\Users\W7Test\Desktop\virtualdj - Verknüpfung.lnk

[2011.11.16 19:12:26 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.11.16 18:58:28 | 000,000,600 | ---- | M] () -- C:\Users\W7Test\AppData\Roaming\winscp.rnd

[2011.11.13 18:36:24 | 000,253,176 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2011.11.06 18:16:59 | 000,000,221 | ---- | M] () -- C:\Users\W7Test\Desktop\Call of Duty Black Ops - Multiplayer.url

[2011.11.06 18:16:07 | 000,000,600 | ---- | M] () -- C:\Users\W7Test\AppData\Local\PUTTY.RND

[2011.10.31 13:42:24 | 000,002,124 | ---- | M] () -- C:\Users\W7Test\Desktop\Mods.lnk

[10 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.11.23 20:25:51 | 000,074,416 | ---- | C] () -- C:\Users\W7Test\Desktop\Unbenannt.PNG

[2011.11.19 22:36:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011.11.16 20:41:36 | 000,001,442 | ---- | C] () -- C:\Users\W7Test\Desktop\virtualdj - Verknüpfung.lnk

[2011.11.16 19:12:26 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.11.12 21:02:03 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll

[2011.11.06 18:16:59 | 000,000,221 | ---- | C] () -- C:\Users\W7Test\Desktop\Call of Duty Black Ops - Multiplayer.url

[2011.10.31 13:42:24 | 000,002,124 | ---- | C] () -- C:\Users\W7Test\Desktop\Mods.lnk

[2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2011.09.23 21:15:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll

[2011.09.14 18:42:13 | 000,000,600 | ---- | C] () -- C:\Users\W7Test\AppData\Roaming\winscp.rnd

[2011.09.14 17:44:12 | 000,000,600 | ---- | C] () -- C:\Users\W7Test\AppData\Local\PUTTY.RND

[2011.08.22 17:20:33 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib

[2011.06.16 15:52:15 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.06.16 15:50:41 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2011.06.09 16:57:11 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini

[2011.05.29 14:45:53 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll

[2011.05.29 14:45:46 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll

[2011.05.29 14:45:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll

[2011.05.28 13:19:29 | 000,006,336 | ---- | C] () -- C:\Users\W7Test\AppData\Roaming\data.dat

[2011.05.17 16:00:54 | 000,000,017 | ---- | C] () -- C:\Users\W7Test\AppData\Local\resmon.resmoncfg

[2011.05.17 15:46:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011.05.17 15:46:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2011.05.17 15:46:02 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\error.dat

[2011.05.17 15:46:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini

[2011.04.05 16:08:29 | 000,000,000 | ---- | C] () -- C:\Users\W7Test\AppData\Local\prvlcl.dat

[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011.03.09 16:08:37 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2011.03.09 16:08:37 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2011.03.04 08:01:54 | 000,005,120 | ---- | C] () -- C:\Users\W7Test\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.02 20:32:51 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.03.02 20:32:34 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.03.01 11:58:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.01.31 13:48:36 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP7311.ini

[2006.11.02 08:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\SP207.ini

[2005.01.25 14:15:42 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\PA207USD.DLL

[2003.04.01 06:37:16 | 000,233,472 | R--- | C] () -- C:\Windows\SysWow64\MafiaSetup.exe

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:05EE1EEF
 

< End of report >

--- --- ---

Hoffe dass ihr damit was anfangen könnt.
Gruß

Hallo,
Habe ComboFix drüber laufen lassen. Habe Folgendes Log bekommen. Wenn ich nun auf die seite Gehe erscheinen auch keine meldungen mehr. Hoffe das jetzt wirklich alles weg ist. Kann ich jetzt sicher wieder Onlinebanking machen ?

Hier das Log:

Combofix Logfile:

Code:

ComboFix 11-11-28.02 - W7Test 28.11.2011  18:27:32.1.2 - x64

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4094.2507 [GMT 1:00]

ausgeführt von:: c:\users\W7Test\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\W7Test\AppData\Roaming\data.dat

c:\users\W7Test\Taskmgr.exe

c:\windows\iun6002.exe

c:\windows\SysWow64\Inetde.dll

C:\WinLogon

c:\winlogon\327404A6B0B8C9E

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-10-28 bis 2011-11-28  ))))))))))))))))))))))))))))))

.

.

2011-11-28 17:32 . 2011-11-28 17:32        --------        d-----w-        c:\users\MaxämD.King!\AppData\Local\temp

2011-11-28 17:32 . 2011-11-28 17:32        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-11-16 19:40 . 2011-11-16 19:41        --------        d-----w-        c:\program files (x86)\VirtualDJ

2011-11-16 18:12 . 2011-11-16 18:12        --------        d-----w-        c:\program files\iTunes

2011-11-16 18:12 . 2011-11-16 18:12        --------        d-----w-        c:\program files (x86)\iTunes

2011-11-16 18:12 . 2011-11-16 18:12        --------        d-----w-        c:\program files\iPod

2011-11-16 18:11 . 2011-11-16 18:11        --------        d-----w-        c:\program files (x86)\Apple Software Update

2011-11-16 18:10 . 2011-11-16 18:10        --------        d-----w-        c:\program files\Bonjour

2011-11-16 18:10 . 2011-11-16 18:10        --------        d-----w-        c:\program files (x86)\Bonjour

2011-11-12 20:02 . 2011-11-28 11:57        --------        d-----w-        c:\users\W7Test\AppData\Roaming\BOM

2011-11-06 17:17 . 2011-11-06 17:17        --------        d-----w-        c:\users\W7Test\AppData\Local\Activision

2011-11-06 12:24 . 2011-11-27 11:21        --------        d-----w-        c:\program files (x86)\Steam

2011-11-06 10:09 . 2011-11-15 20:00        --------        d-----w-        c:\program files (x86)\Common Files\Steam

2011-11-05 10:32 . 2011-11-28 17:32        --------        d-----w-        c:\users\W7Test\AppData\Roaming\NetSpeedMonitor

2011-11-05 10:30 . 2011-11-05 10:30        --------        d-----w-        c:\program files\NetSpeedMonitor

2011-11-03 13:26 . 2011-11-03 13:35        --------        d-----w-        c:\users\W7Test\AppData\Local\Rockstar Games

2011-10-31 11:10 . 2011-10-31 17:47        --------        d-sh--r-        c:\users\W7Test\M-1-52-5782-8752-5245

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 12:00 . 2011-03-13 16:07        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2011-11-28 12:00 . 2011-03-02 19:32        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2011-11-28 11:59 . 2011-03-02 19:32        103736        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2011-10-13 20:29 . 2011-10-13 20:29        42392        ----a-w-        c:\windows\SysWow64\xfcodec.dll

2011-10-13 20:29 . 2011-10-13 20:29        28056        ----a-w-        c:\windows\system32\xfcodec64.dll

2011-09-29 20:06 . 2011-03-02 19:32        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2011-09-24 02:58 . 2011-09-24 02:58        10207232        ----a-w-        c:\windows\system32\drivers\atikmdag.sys

2011-09-24 02:12 . 2011-09-24 02:12        24604160        ----a-w-        c:\windows\system32\atio6axx.dll

2011-09-24 02:03 . 2011-09-24 02:03        159744        ----a-w-        c:\windows\system32\atiapfxx.exe

2011-09-24 02:03 . 2011-01-26 23:00        736768        ----a-w-        c:\windows\SysWow64\aticfx32.dll

2011-09-24 02:01 . 2011-01-26 22:59        867328        ----a-w-        c:\windows\system32\aticfx64.dll

2011-09-24 01:59 . 2011-09-24 01:59        466944        ----a-w-        c:\windows\system32\ATIDEMGX.dll

2011-09-24 01:59 . 2011-09-24 01:59        487936        ----a-w-        c:\windows\system32\atieclxx.exe

2011-09-24 01:58 . 2011-09-24 01:58        204288        ----a-w-        c:\windows\system32\atiesrxx.exe

2011-09-24 01:57 . 2011-09-24 01:57        120320        ----a-w-        c:\windows\system32\atitmm64.dll

2011-09-24 01:57 . 2011-09-24 01:57        423424        ----a-w-        c:\windows\system32\atipdl64.dll

2011-09-24 01:56 . 2011-09-24 01:56        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll

2011-09-24 01:56 . 2011-09-24 01:56        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll

2011-09-24 01:56 . 2011-09-24 01:56        21504        ----a-w-        c:\windows\system32\atimuixx.dll

2011-09-24 01:56 . 2011-09-24 01:56        59392        ----a-w-        c:\windows\system32\atiedu64.dll

2011-09-24 01:56 . 2011-09-24 01:56        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll

2011-09-24 01:56 . 2011-09-24 01:56        18587648        ----a-w-        c:\windows\SysWow64\atioglxx.dll

2011-09-24 01:53 . 2011-01-26 22:49        4231680        ----a-w-        c:\windows\SysWow64\atidxx32.dll

2011-09-24 01:43 . 2011-01-26 22:40        4960768        ----a-w-        c:\windows\system32\atidxx64.dll

2011-09-24 01:43 . 2011-09-24 01:43        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll

2011-09-24 01:42 . 2011-09-24 01:42        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll

2011-09-24 01:42 . 2011-09-24 01:42        4023296        ----a-w-        c:\windows\system32\atiumd6a.dll

2011-09-24 01:35 . 2011-09-24 01:35        51200        ----a-w-        c:\windows\system32\aticalrt64.dll

2011-09-24 01:34 . 2011-09-24 01:34        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll

2011-09-24 01:34 . 2011-09-24 01:34        44544        ----a-w-        c:\windows\system32\aticalcl64.dll

2011-09-24 01:34 . 2011-09-24 01:34        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll

2011-09-24 01:34 . 2011-09-24 01:34        9809920        ----a-w-        c:\windows\system32\aticaldd64.dll

2011-09-24 01:32 . 2011-09-24 01:32        4289024        ----a-w-        c:\windows\SysWow64\atiumdag.dll

2011-09-24 01:32 . 2011-09-24 01:32        4174848        ----a-w-        c:\windows\SysWow64\atiumdva.dll

2011-09-24 01:31 . 2011-09-24 01:31        8390656        ----a-w-        c:\windows\SysWow64\aticaldd.dll

2011-09-24 01:27 . 2011-01-26 22:20        58880        ----a-w-        c:\windows\system32\coinst.dll

2011-09-24 01:26 . 2011-09-24 01:26        5431808        ----a-w-        c:\windows\system32\atiumd64.dll

2011-09-24 01:19 . 2011-09-24 01:19        479744        ----a-w-        c:\windows\system32\atiadlxx.dll

2011-09-24 01:19 . 2011-09-24 01:19        335872        ----a-w-        c:\windows\SysWow64\atiadlxy.dll

2011-09-24 01:19 . 2011-09-24 01:19        17408        ----a-w-        c:\windows\system32\atig6pxx.dll

2011-09-24 01:19 . 2011-09-24 01:19        14336        ----a-w-        c:\windows\SysWow64\atiglpxx.dll

2011-09-24 01:19 . 2011-09-24 01:19        14336        ----a-w-        c:\windows\system32\atiglpxx.dll

2011-09-24 01:19 . 2011-09-24 01:19        39936        ----a-w-        c:\windows\system32\atig6txx.dll

2011-09-24 01:19 . 2011-09-24 01:19        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll

2011-09-24 01:19 . 2011-09-24 01:19        317952        ----a-w-        c:\windows\system32\drivers\atikmpag.sys

2011-09-24 01:18 . 2011-01-26 22:12        40960        ----a-w-        c:\windows\system32\atiuxp64.dll

2011-09-24 01:18 . 2011-01-26 22:12        31744        ----a-w-        c:\windows\SysWow64\atiuxpag.dll

2011-09-24 01:18 . 2011-09-24 01:18        38912        ----a-w-        c:\windows\system32\atiu9p64.dll

2011-09-24 01:18 . 2011-01-26 22:12        29184        ----a-w-        c:\windows\SysWow64\atiu9pag.dll

2011-09-24 01:17 . 2011-09-24 01:17        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll

2011-09-24 01:16 . 2011-09-24 01:16        54784        ----a-w-        c:\windows\system32\atimpc64.dll

2011-09-24 01:16 . 2011-09-24 01:16        54784        ----a-w-        c:\windows\system32\amdpcom64.dll

2011-09-24 01:16 . 2011-09-24 01:16        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll

2011-09-24 01:16 . 2011-09-24 01:16        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll

2011-09-23 20:15 . 2011-09-23 20:15        66048        ----a-w-        c:\windows\system32\OpenVideo64.dll

2011-09-23 20:15 . 2011-09-23 20:15        56832        ----a-w-        c:\windows\SysWow64\OpenVideo.dll

2011-09-23 20:14 . 2011-09-23 20:14        16787456        ----a-w-        c:\windows\system32\amdocl64.dll

2011-09-23 20:14 . 2011-09-23 20:14        13753856        ----a-w-        c:\windows\SysWow64\amdocl.dll

2011-09-23 20:13 . 2011-09-23 20:13        51200        ----a-w-        c:\windows\system32\OpenCL.dll

2011-09-23 20:13 . 2011-09-23 20:13        43520        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2011-08-30 22:05 . 2011-08-30 22:05        96104        ----a-w-        c:\windows\system32\dns-sd.exe

2011-08-30 22:05 . 2011-08-30 22:05        85864        ----a-w-        c:\windows\system32\dnssd.dll

2011-08-30 22:05 . 2011-08-30 22:05        61288        ----a-w-        c:\windows\system32\jdns_sd.dll

2011-08-30 22:05 . 2011-08-30 22:05        212840        ----a-w-        c:\windows\system32\dnssdX.dll

2011-08-30 22:05 . 2011-08-30 22:05        83816        ----a-w-        c:\windows\SysWow64\dns-sd.exe

2011-08-30 22:05 . 2011-08-30 22:05        73064        ----a-w-        c:\windows\SysWow64\dnssd.dll

2011-08-30 22:05 . 2011-08-30 22:05        50536        ----a-w-        c:\windows\SysWow64\jdns_sd.dll

2011-08-30 22:05 . 2011-08-30 22:05        178536        ----a-w-        c:\windows\SysWow64\dnssdX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-09-01 07:16        2532680        ----a-w-        c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-23 343168]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi6"=KORGUM64.DRV

"midi7"=KORGUM64.DRV

"midi8"=KORGUM64.DRV

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

R1 ntiomin;ntiomin; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\system32\DRIVERS\AGUx64.sys [x]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x]

R3 cpuz130;cpuz130;c:\users\W7Test\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]

R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\Drivers\KORGUM64.SYS [x]

R3 Ltn_stk7070P_64;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P_64.sys [x]

R3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys [x]

R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 zonescreen;zonescreen;c:\windows\system32\DRIVERS\zsport.sys [x]

R4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]

R4 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-06 7751712]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-06 1833504]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]

"midi6"=KORGUM64.DRV

"midi7"=KORGUM64.DRV

"midi8"=KORGUM64.DRV

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100842&mntrId=00c388c600000000000000012e2724e0

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\users\W7Test\AppData\Roaming\Mozilla\Firefox\Profiles\yh1io34k.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=00c388c600000000000000012e2724e0&tlver=1.4.35.10&affID=100842

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{f0381dbd-e018-4e07-ae40-d96ab15083f0} - (no file)

URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)

AddRemove-EAX Unified - c:\program files (x86)\Creative\EAX Unified\Uninst.isu

AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 3 Beta\pbsvc.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-3448253701-31467276-3005518428-1001\Software\SecuROM\License information*]

"datasecu"=hex:e3,7c,89,da,64,6a,54,8a,2a,92,3d,51,a9,e7,0d,8b,99,4e,a1,42,7b,

   b7,c0,20,fe,80,5e,04,d3,51,31,ae,57,73,b2,e2,44,d8,50,d9,8c,7d,92,cd,f5,5e,\

"rkeysecu"=hex:a6,dc,e6,75,b4,63,7c,72,c3,65,2c,83,66,38,be,e5

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-11-28  18:35:03

ComboFix-quarantined-files.txt  2011-11-28 17:35

.

Vor Suchlauf: 11 Verzeichnis(se), 178.958.041.088 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 190.452.154.368 Bytes frei

.

- - End Of File - - 1871D9DF04D9F435322C204CB5621E0C

--- --- ---

Gruß Vielen dank