Trojaner-Board - Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert - 50€ zahlen (https://www.trojaner-board.de/109995-sicherheitsgruenden-wurde-windowssystem-blockiert-50-zahlen.html)

Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert - 50€ zahlen

Hallo,

auch ich wurde gestern von dieser Meldung heimgesucht und habe mich nach dem ersten Schock mal schlau gemacht.

Ich habe dann gestern anhand dieser Anleitung
www.combrella.net/2011/12/07/neue-abzocke-aus-sicherheitsgrunden-wurde-ihr-windowssystem-blockiert/#comment-181
(wenn ich den Link nicht posten darf, tut es mir Leid, ich werde ihn dann sofort löschen)
meinen Computer im Abgesicherten Modus mit Eingabeaufforderung gestartet und bin der Anleitung gefolgt:

Zitat:

1.Windows neustarten
2. F8 drücken
3. Abgesicherten Modus mit eingabefunktion starten
4.”cd / ” eingeben
5.”msconfig.exe” eingeben
6. Startoptionen festlegen
(7. Bei der Datei “firefoxhelp” das Häckchen entfernen)

Da ich aber wie unter 7. beschrieben keine "firefoxhelp" Datei finden konnte, habe ich mich weiter umgesehen und bin auf eine verdächtige "firefox.exe (Tomasz Pawlak)" gestoßen, die als Startdateiname "Eight" heißt. Dort habe ich das Häckchen entfernt und seither den Sperrbildschirm nicht mehr gesehen.

Bevor ich also meinen PC im Abgesicherten Modus mit Netzwerk starte und die hier so oft beschriebene Prozedur mit OTL & Co durchführe, ist es notwendig, den Schritt wieder rückgängig zu machen?

Betriebssystem ist übrigens Windows 7 64bit

Das ist das Problem an solchen Anleitungen. Es muss nicht immer der Schädling sein, der in diesem Pfad liegt und sich als firefox.exe tarnt.

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Rechner im abgesicherten Modus mit Netzwerktreibern - ist gestartet :)

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Ok, der letzte Scan hat eine Weile gedauert... ^^

Logs von Malwarebytes:

mbam-log-2012-02-14 (17-45-28)
(Das war nur ein Quick-Scan, im normalen Modus glaube ich.)

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.14.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anja :: MEDION-PC [Administrator]
 

Schutz: Aktiviert
 

14.02.2012 17:45:28

mbam-log-2012-02-14 (17-45-28).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 183505

Laufzeit: 2 Minute(n), 45 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Anja\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Und diesen Vollscan habe ich gerade gemacht:
mbam-log-2012-02-15 (20-25-28)

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.15.03
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Anja :: MEDION-PC [Administrator]
 

Schutz: Deaktiviert
 

15.02.2012 20:25:28

mbam-log-2012-02-15 (20-25-28).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 334005

Laufzeit: 23 Minute(n), 25 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Eset Online Scanner Log:

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-15 09:04:11

# local_time=2012-02-15 10:04:11 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 17706844 80966413 0 0

# compatibility_mode=8192 67108863 100 0 3726 3726 0 0

# scanned=162368

# found=2

# cleaned=0

# scan_time=3287

C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe        a variant of Win32/1AntiVirus application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Anja\AppData\Local\Mozilla\Firefox\firefox.exe        Win32/LockScreen.AIG trojan (unable to clean)        00000000000000000000000000000000        I

Ok, funktioniert der nromale Modus wieder?

Der normale Modus ging vorher schon, weil ich ja wie anfangs erwähnt, diese seltsame firefox.exe (aka "Eight") aus dem Systemstart genommen habe. (siehe Anhang)

Soll ich das vorher rückgängig machen, bevor ich wieder den normalen Modus teste oder so belassen?
Wenn es aktiviert ist, bekomme ich sicher wieder diesen Sperrbildschirm.

Nien lass das so wie es jetzt ist! :eek:

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Ok, keine Panik, ich fasse nichts an! ;)
Soll ich den Scan noch im abgesicherten Modus oder schon im normalen durchführen? Und hat der auch bis morgen Zeit oder sollte ich ihn lieber sofort machen? Ich würde ansonsten langsam mal offline gehen, muss morgen wieder arbeiten.

Mach es dann morgen im normalen Modus

OTL Log

Code:

OTL logfile created on: 2/16/2012 5:10:52 PM - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Anja\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.98 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.88% Memory free

7.96 Gb Paging File | 6.14 Gb Available in Paging File | 77.16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1356.17 Gb Total Space | 1205.54 Gb Free Space | 88.89% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 20.92 Gb Free Space | 52.30% Space Free | Partition Type: NTFS

 

Computer Name: MEDION-PC | User Name: Anja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/02/14 18:46:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe

PRC - [2012/01/25 22:27:18 | 003,466,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2633870-x64.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2011/10/26 14:41:40 | 000,078,912 | ---- | M] (Microsoft Corporation) -- c:\4201b8115f80b4fa9aa994\Setup.exe

PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/03/11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2011/03/11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/06 07:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/04/08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe

PRC - [2008/12/09 19:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012/01/01 00:39:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll

MOD - [2011/10/16 08:17:41 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll

MOD - [2011/10/16 08:17:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll

MOD - [2011/10/14 07:47:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/10/14 07:47:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/10/14 07:46:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011/10/14 07:46:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/10/14 07:46:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011/10/14 07:46:48 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/10/14 07:46:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/01/26 23:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/03/11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2011/03/11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2010/11/06 07:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/08 12:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)

SRV - [2008/12/09 19:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/01/04 15:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver)

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/11/28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2011/11/28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2011/11/28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)

DRV:64bit: - [2011/11/28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2011/11/28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2011/11/28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/03/11 13:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/05 00:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2011/03/05 00:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2011/02/16 17:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/01/27 00:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/01/26 23:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/11/25 05:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)

DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/17 13:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/09/23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009/08/13 04:21:46 | 000,044,032 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVPolCIR.sys -- (AVPolCIR)

DRV:64bit: - [2009/08/13 04:21:40 | 000,364,800 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerPola.sys -- (AVerPola)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/05/01 15:44:46 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0109.sys -- (SaiH0109)

DRV:64bit: - [2007/05/01 15:44:46 | 000,034,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0109.sys -- (SaiU0109)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com

IE - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.searchEnginesURL: "hxxp://www.google.de/search?q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/26 14:06:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 22:04:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/01/17 20:32:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

 

[2011/07/21 12:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions

[2012/02/02 09:49:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\7zyldyxz.default\extensions

[2012/02/02 09:49:06 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\7zyldyxz.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2011/11/08 21:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011/12/26 14:06:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

() (No name found) -- C:\USERS\ANJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7ZYLDYXZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/02/11 22:04:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/09/30 18:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/09/30 18:24:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/09/30 18:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011/09/30 18:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/09/30 18:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/09/30 18:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D57DF83-3E21-4B22-A6E2-E0F9784E05AC}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{552D904D-FB8D-4412-BADB-212F1E5E7E88}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVer HID Receiver.lnk - C:\PROGRA~2\COMMON~1\AVERME~1\AVERQU~1\AVERHI~1.EXE - ()

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AVerQuick.lnk - C:\PROGRA~2\COMMON~1\AVERME~1\AVERQU~1\AVERQU~1.EXE - (AVerMedia TECHNOLOGIES, Inc.)

MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

MsConfig:64bit - StartUpReg: ffdwnd - hkey= - key= - C:\Users\Anja\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.siren -  File not found

Drivers32:64bit: vidc.cvid -  File not found

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )

Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/16 17:09:27 | 000,000,000 | ---D | C] -- C:\4201b8115f80b4fa9aa994

[2012/02/16 17:09:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/02/15 21:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/02/14 19:36:19 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Anja\Desktop\tdsskiller.exe

[2012/02/14 18:46:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe

[2012/02/14 17:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/02/14 17:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2012/02/14 17:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/02/14 17:43:44 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Malwarebytes

[2012/02/14 17:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/14 17:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/14 17:43:35 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/02/14 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/02/14 15:37:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer

[2012/02/14 15:37:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer

[2012/02/09 15:02:01 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\FFOutput

[2012/02/09 14:54:56 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012/02/09 14:53:00 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory

[2012/02/09 14:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime

[2012/02/09 14:33:54 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\{0FD8A878-A750-47A6-882F-70DF11825285}

[2012/02/04 23:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe

[2012/02/04 23:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

[2012/02/04 23:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2012/02/04 22:53:55 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/02/04 22:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant

[2012/02/04 18:43:05 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\[Verschiedenes]

[2012/02/04 18:40:49 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Projekte

[2012/02/01 20:31:37 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\mkvtoolnix

[2012/02/01 19:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix

[2012/02/01 19:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKVToolNix

[2012/02/01 19:25:33 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5

[2012/02/01 19:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5

[2012/02/01 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5

[2012/02/01 18:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2012/02/01 14:07:17 | 000,000,000 | ---D | C] -- C:\Users\Anja\Documents\Sony Vegas Projektdateien

[2012/01/31 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Publish Providers

[2012/01/31 17:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

[2012/01/31 17:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2012/01/31 17:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony

[2012/01/31 17:26:56 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

[2012/01/31 17:26:56 | 000,148,992 | ---- | C] ( ) -- C:\Windows\SysNative\lagarith.dll

[2012/01/31 17:11:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2012/01/31 17:11:43 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Sony

[2012/01/31 17:10:43 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Sony

[2012/01/31 12:13:05 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\avidemux

[2012/01/31 12:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5

[2012/01/22 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\Opera

[2012/01/22 17:36:47 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Local\Opera

[2012/01/22 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2012/01/20 12:28:31 | 000,000,000 | ---D | C] -- C:\Users\Anja\AppData\Roaming\FireShot

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/02/16 17:10:33 | 001,521,350 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/16 17:10:33 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012/02/16 17:10:33 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/16 17:10:33 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012/02/16 17:10:33 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/16 17:09:07 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/02/16 17:09:05 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/16 17:09:05 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/16 17:04:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/16 17:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/16 17:00:36 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/15 17:39:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/14 19:36:24 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Anja\Desktop\tdsskiller.exe

[2012/02/14 18:46:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Anja\Desktop\OTL.exe

[2012/02/14 17:57:55 | 000,001,266 | ---- | M] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk

[2012/02/14 17:43:37 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/14 15:37:13 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012/02/09 15:01:04 | 000,002,662 | ---- | M] () -- C:\Users\Anja\Desktop\3D - Blender.lnk

[2012/02/09 14:53:00 | 000,001,206 | ---- | M] () -- C:\Users\Anja\Desktop\Format Factory.lnk

[2012/02/05 09:02:31 | 004,957,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/02/04 23:40:21 | 000,001,745 | ---- | M] () -- C:\Users\Anja\Desktop\Photoshop CS5.1.lnk

[2012/02/01 22:11:14 | 000,006,361 | ---- | M] () -- C:\Users\Anja\Desktop\MeGUI.lnk

[2012/02/01 20:31:26 | 000,001,888 | ---- | M] () -- C:\Users\Anja\Desktop\mkvmerge GUI.lnk

[2012/02/01 12:47:06 | 000,004,030 | ---- | M] () -- C:\Users\Anja\Desktop\LP FFVII-DoC.lnk

[2012/01/31 17:30:29 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 11.0.lnk

[2012/01/31 17:26:56 | 000,001,990 | ---- | M] () -- C:\Windows\unins000.dat

[2012/01/31 17:26:54 | 000,715,038 | ---- | M] () -- C:\Windows\unins000.exe

[2012/01/31 12:12:57 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk

[2012/01/27 00:35:53 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/01/22 17:36:45 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/02/14 17:57:55 | 000,001,266 | ---- | C] () -- C:\Users\Anja\Desktop\Spybot - Search & Destroy.lnk

[2012/02/14 17:43:37 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/14 15:37:13 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk

[2012/02/09 15:01:04 | 000,002,662 | ---- | C] () -- C:\Users\Anja\Desktop\3D - Blender.lnk

[2012/02/09 14:53:00 | 000,001,206 | ---- | C] () -- C:\Users\Anja\Desktop\Format Factory.lnk

[2012/02/04 23:40:21 | 000,001,745 | ---- | C] () -- C:\Users\Anja\Desktop\Photoshop CS5.1.lnk

[2012/02/04 23:36:49 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk

[2012/02/04 23:36:11 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk

[2012/02/04 23:34:40 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk

[2012/02/04 23:34:17 | 000,001,286 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk

[2012/02/04 23:33:20 | 000,001,387 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk

[2012/02/04 23:33:09 | 000,001,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk

[2012/02/04 23:32:48 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2012/02/04 22:53:53 | 000,001,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk

[2012/02/01 22:11:14 | 000,006,361 | ---- | C] () -- C:\Users\Anja\Desktop\MeGUI.lnk

[2012/02/01 20:31:26 | 000,001,888 | ---- | C] () -- C:\Users\Anja\Desktop\mkvmerge GUI.lnk

[2012/02/01 12:47:06 | 000,004,030 | ---- | C] () -- C:\Users\Anja\Desktop\LP FFVII-DoC.lnk

[2012/01/31 17:30:29 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 11.0.lnk

[2012/01/31 17:26:56 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe

[2012/01/31 17:26:56 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat

[2012/01/31 12:12:57 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Avidemux 2.5.lnk

[2012/01/22 17:36:45 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

[2012/01/22 17:36:45 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk

[2012/01/17 11:31:43 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll

[2012/01/17 11:31:43 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys

[2012/01/17 11:31:29 | 000,598,016 | R--- | C] () -- C:\Windows\SysWow64\sptlib21.dll

[2012/01/17 11:31:29 | 000,307,200 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll

[2012/01/17 11:31:29 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\sptlib11.dll

[2012/01/17 11:31:29 | 000,290,816 | R--- | C] () -- C:\Windows\SysWow64\sptlib22.dll

[2012/01/17 11:31:29 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib03.dll

[2012/01/17 11:31:29 | 000,225,280 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll

[2012/01/17 11:31:29 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\sptlib12.dll

[2012/01/02 11:54:50 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012/01/02 11:54:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2011/07/21 11:56:19 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/20 15:53:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/12/21 03:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 
 ========== LOP Check ==========

 

[2011/12/03 13:05:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\.minecraft

[2012/02/02 18:17:37 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Audacity

[2011/10/11 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Auslogics

[2012/02/01 15:36:42 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\avidemux

[2012/02/04 22:53:55 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/01/20 12:28:31 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\FireShot

[2012/02/01 23:17:43 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\ICQ

[2011/07/21 14:59:38 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\LolClient

[2011/08/16 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Miranda

[2012/02/01 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\mkvtoolnix

[2011/07/26 22:36:31 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\OpenOffice.org

[2012/01/22 17:36:47 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Opera

[2012/01/31 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Publish Providers

[2012/01/19 23:01:27 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\SoftGrid Client

[2012/01/31 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Sony

[2011/07/26 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Thunderbird

[2011/07/21 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TP

[2011/12/04 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TS3Client

[2011/09/29 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\ts3overlay

[2012/01/14 17:28:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011/12/03 13:05:00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\.minecraft

[2012/02/04 23:41:48 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Adobe

[2011/07/21 11:14:01 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\ATI

[2012/02/02 18:17:37 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Audacity

[2011/10/11 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Auslogics

[2012/02/01 15:36:42 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\avidemux

[2012/01/02 12:14:48 | 000,000,000 | R--D | M] -- C:\Users\Anja\AppData\Roaming\Brother

[2012/02/04 22:53:55 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/01/20 12:28:31 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\FireShot

[2012/02/01 23:17:43 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\ICQ

[2011/07/21 11:13:30 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Identities

[2012/01/02 11:52:11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\InstallShield

[2011/07/21 11:14:12 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Intel Corporation

[2011/07/21 14:59:38 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\LolClient

[2011/02/10 21:48:57 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Macromedia

[2012/02/14 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Malwarebytes

[2010/11/21 08:16:41 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Media Center Programs

[2012/01/03 18:46:13 | 000,000,000 | --SD | M] -- C:\Users\Anja\AppData\Roaming\Microsoft

[2011/08/16 18:47:29 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Miranda

[2012/02/01 20:31:37 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\mkvtoolnix

[2011/07/21 12:11:49 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Mozilla

[2011/07/26 22:36:31 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\OpenOffice.org

[2012/01/22 17:36:47 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Opera

[2012/01/31 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Publish Providers

[2012/01/18 20:37:44 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Skype

[2012/01/19 23:01:27 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\SoftGrid Client

[2012/01/31 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Sony

[2011/07/26 09:32:36 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Thunderbird

[2011/07/21 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TP

[2011/12/04 22:15:58 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TS3Client

[2011/09/29 18:55:53 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\ts3overlay

[2012/02/02 12:04:29 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\vlc

[2011/07/22 08:35:35 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012/01/22 15:59:26 | 000,141,312 | ---- | M] (getfireshot.com) -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\7zyldyxz.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe

[2012/01/22 15:59:20 | 000,068,096 | ---- | M] (getfireshot.com) -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\7zyldyxz.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: AHCIX86S.SYS  >

[2007/11/14 19:44:42 | 000,129,552 | ---- | M] (Promise Technology, Inc.) MD5=58CB1FA96B24DFE2196548E959B1996B -- C:\ATI\Win7_Vista\8_821\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys

[2009/10/26 19:41:10 | 000,189,496 | ---- | M] (Advanced Micro Devices, Inc) MD5=6C27F0A964EA98F457CAAB9A47030538 -- C:\ATI\Win7_Vista\8_821\Packages\Drivers\SBDrv\SB6xx\RAID\W7\ahcix86s.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys

[2010/11/06 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B
 

< End of report >

Die Extras.txt muss ich in den nächsten Beitrag packen, ist sonst "zu lang".

Extras.txt

Code:

OTL Extras logfile created on: 2/16/2012 5:10:52 PM - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Anja\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.98 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 58.88% Memory free

7.96 Gb Paging File | 6.14 Gb Available in Paging File | 77.16% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1356.17 Gb Total Space | 1205.54 Gb Free Space | 88.89% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 20.92 Gb Free Space | 52.30% Space Free | Partition Type: NTFS

 

Computer Name: MEDION-PC | User Name: Anja | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources

"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)

"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources

"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit

"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010

"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources

"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D587747C-370E-E29D-250C-079703113FF0}" = ATI Catalyst Install Manager

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources

"{FB2E135E-6189-7608-4EDD-DC783BEC480C}" = ccc-utility64

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.01 (64-Bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5

"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack

"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack

"{0C8CBFEE-408E-11E1-83AF-F04DA23A5C58}" = Vegas Pro 11.0

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F733E11-408E-11E1-B5FE-F04DA23A5C58}" = MSVCRT Redists

"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail

"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{1761C93A-5ACC-C65C-3926-C157345E800A}" = CCC Help Spanish

"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19FB599E-070D-6A0F-0139-EF2348BAB108}" = CCC Help English

"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer

"{2000D0AC-65F6-05F7-4C47-B2F0BB7DEC24}" = CCC Help Dutch

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24

"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2C5D751A-0EFB-4EFB-B2E0-86EA580E3180}" = CCC Help Japanese

"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger

"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data

"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery

"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer

"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack

"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{58DE8215-740D-109B-C7AE-9CB4D37EE2AC}" = CCC Help Swedish

"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content

"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{614B82E8-8DC2-8F12-3986-F8B76ECE1A9E}" = ccc-core-static

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail

"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker

"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components

"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger

"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh

"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common

"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz

"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer

"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed

"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár

"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh

"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live

"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live

"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7DF95FC3-D6A2-8CFA-39F3-ABD3EE2EA542}" = CCC Help French

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources

"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials

"{82817D55-8A4B-F8FC-2A34-4A054C722FC4}" = CCC Help Italian

"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common

"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch

"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1

"{91DCFF5C-6FF9-A16C-6274-788121661298}" = CCC Help Finnish

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F379330-2044-11E1-937A-005056C00008}" = MSVCRT Redists

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker

"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite DCP-150C

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A8BFA0D1-5196-2297-5559-9C5714BEDEB5}" = CCC Help German

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB27FA31-596C-47EB-2361-727D0EB0B21D}" = CCC Help Danish

"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.2) MUI

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail

"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi

"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker

"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh

"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live

"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave

"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery

"{D0B2077E-527A-20FA-F5EE-74A4FDA58E25}" = CCC Help Norwegian

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3A021C2-3EB9-CB16-C0A3-9244200623C1}" = Catalyst Control Center InstallProxy

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer

"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live

"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger

"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES

"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources

"{EA6D16E9-9669-9A50-019A-0508AD15BF92}" = Catalyst Control Center Localization All

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files

"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F59AC46C-10C3-4023-882C-4212A92283B3}_is1" = Lagarith Lossless Codec (1.3.27)

"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις

"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"1489-3350-5074-6281" = JDownloader 0.9

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio

"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander

"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer

"Ashampoo Snap_is1" = Ashampoo Snap

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)

"avast" = avast! Free Antivirus

"AVerMedia Gaming Plug-in" = AVerMedia Gaming Plug-in 2.0.10.0

"AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.0.64.25

"Avidemux 2.5 (64-bit)" = Avidemux 2.5

"AviSynth" = AviSynth 2.5

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"ESET Online Scanner" = ESET Online Scanner v3

"FormatFactory" = FormatFactory 2.90

"Fraps" = Fraps (remove only)

"GridinSoft Trojan Killer" = Trojan Killer

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV

"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"LAME for Audacity_is1" = LAME v3.98.3 for Audacity

"LOLReplay" = LOLReplay

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"MKVToolNix" = MKVToolNix 5.2.1

"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)

"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)

"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010

"Opera 11.61.1250" = Opera 11.61

"ShiftWindow_is1" = ShiftWindow 1.02

"VLC media player" = VLC media player 1.1.11

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Lufia - Birth of a Legend" = Lufia - Birth of a Legend

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 1/17/2012 6:10:13 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:13.652]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:15 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:15.152]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:16 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:16.652]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:18 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:18.153]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:19 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:19.653]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:21 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:21.153]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:22 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:22.653]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:24 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:24.153]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:25 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:25.653]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

Error - 1/17/2012 6:10:27 PM | Computer Name = Medion-PC | Source = Brother BrLog | ID = 1001

Description = WDLMW BrtWDLMW: [2012/01/17 23:10:27.153]: [00003612]: lperrcode->api

 = 1 , lperrcode->code = 2   

 

[ System Events ]

Error - 2/15/2012 6:07:46 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 2/15/2012 6:12:38 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 2/15/2012 6:12:38 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 2/15/2012 6:12:38 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 2/15/2012 6:14:54 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 2/15/2012 6:14:54 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 2/15/2012 6:14:54 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der

 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068

 

Error - 2/16/2012 12:01:53 PM | Computer Name = Medion-PC | Source = bowser | ID = 8003

Description = 

 

Error - 2/16/2012 12:03:18 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7024

Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem

 Fehler beendet: %%-1073473535.

 

Error - 2/16/2012 12:03:18 PM | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits

 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:

 Neustart des Diensts.

 

 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

MsConfig:64bit - StartUpReg: ffdwnd - hkey= - key= - C:\Users\Anja\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Ich stelle gerade fest, dass mein Computer anscheinend im Hintergrund Updates installiert hat und fordert mich zum Neustart auf. Hat das irgendwelche Auswirkungen auf die OTL Prozedur und soll ich ggf. den OTL-Scan nochmal neu durchführen (nach Neustart) bevor ich den Fix mache?

Nein du kannst den Fix machen

Das geöffnete Log nach dem Neustart:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2789753871-3362748990-2566838495-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2789753871-3362748990-2566838495-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ffdwnd\ not found.

ADS C:\ProgramData\Temp:07BF512B deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Anja

->Temp folder emptied: 5274 bytes

->Temporary Internet Files folder emptied: 6531465 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49624779 bytes

->Opera cache emptied: 8451002 bytes

->Flash cache emptied: 1520 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: user

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 15858710 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 77.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02162012_224552
 

Files\Folders moved on Reboot...

C:\Users\Anja\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SNATIVAG\background-banner-middle-v45[1].jpg moved successfully.

C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMF5U69X\list-item-plus[1].png moved successfully.

C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAXFQ1\background-banner-right-v45[1].jpg moved successfully.

C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIYAXFQ1\background_banner_green_50_v45[1].jpg moved successfully.

C:\Users\Anja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFEHTRUC\background_button_green_full[1].png moved successfully.
 

Registry entries deleted on Reboot...

Hm, eine Datei wurde nicht gelöscht. Navigier bitte mal zum Pfad

C:\Users\Anja\AppData\Local\Mozilla\Firefox\

Und lösch da die firefox.exe

Das ist nicht der Browser Firefox! Diese firefox.exe im o.g. Pfad ist en Schädling der sich als firefox.exe tarnt! Also diese firefox.exe im o.g. Pfad auch NICHT ausführen (doppelklicken)!!

Ja, das war mir bewusst. Ich habe die Datei von Anfang an unter Verdacht gehabt. Endlich darf ich Hand anlegen! :3 Gesagt getan, ist gelöscht.
Ist die Geschichte damit erledigt oder gibt es noch mehr zu tun?

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

TDSS-Killer Log

Code:

10:40:56.0514 4728        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

10:40:56.0620 4728        ============================================================

10:40:56.0620 4728        Current date / time: 2012/02/17 10:40:56.0620

10:40:56.0620 4728        SystemInfo:

10:40:56.0620 4728        

10:40:56.0620 4728        OS Version: 6.1.7601 ServicePack: 1.0

10:40:56.0620 4728        Product type: Workstation

10:40:56.0620 4728        ComputerName: MEDION-PC

10:40:56.0620 4728        UserName: Anja

10:40:56.0620 4728        Windows directory: C:\Windows

10:40:56.0620 4728        System windows directory: C:\Windows

10:40:56.0620 4728        Running under WOW64

10:40:56.0620 4728        Processor architecture: Intel x64

10:40:56.0620 4728        Number of processors: 4

10:40:56.0620 4728        Page size: 0x1000

10:40:56.0620 4728        Boot type: Normal boot

10:40:56.0620 4728        ============================================================

10:40:56.0957 4728        Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:40:56.0971 4728        \Device\Harddisk0\DR0:

10:40:56.0971 4728        MBR used

10:40:56.0971 4728        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:40:56.0971 4728        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800

10:40:56.0971 4728        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000

10:40:57.0102 4728        Initialize success

10:40:57.0102 4728        ============================================================

10:42:19.0061 4980        ============================================================

10:42:19.0061 4980        Scan started

10:42:19.0061 4980        Mode: Manual; SigCheck; TDLFS; 

10:42:19.0061 4980        ============================================================

10:42:19.0466 4980        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:42:19.0529 4980        1394ohci - ok

10:42:19.0544 4980        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:42:19.0560 4980        ACPI - ok

10:42:19.0576 4980        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:42:19.0607 4980        AcpiPmi - ok

10:42:19.0654 4980        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

10:42:19.0669 4980        adp94xx - ok

10:42:19.0685 4980        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

10:42:19.0700 4980        adpahci - ok

10:42:19.0716 4980        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

10:42:19.0732 4980        adpu320 - ok

10:42:19.0763 4980        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:42:19.0825 4980        AFD - ok

10:42:19.0856 4980        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:42:19.0872 4980        agp440 - ok

10:42:19.0903 4980        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:42:19.0919 4980        aliide - ok

10:42:19.0950 4980        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:42:19.0966 4980        amdide - ok

10:42:19.0981 4980        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

10:42:20.0012 4980        AmdK8 - ok

10:42:20.0184 4980        amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys

10:42:20.0402 4980        amdkmdag - ok

10:42:20.0434 4980        amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys

10:42:20.0434 4980        amdkmdap - ok

10:42:20.0480 4980        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

10:42:20.0512 4980        AmdPPM - ok

10:42:20.0543 4980        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:42:20.0558 4980        amdsata - ok

10:42:20.0621 4980        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

10:42:20.0636 4980        amdsbs - ok

10:42:20.0668 4980        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:42:20.0683 4980        amdxata - ok

10:42:20.0699 4980        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:42:20.0761 4980        AppID - ok

10:42:20.0792 4980        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

10:42:20.0808 4980        arc - ok

10:42:20.0824 4980        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

10:42:20.0824 4980        arcsas - ok

10:42:20.0870 4980        asmthub3        (6fe3237c1177e66437e7ad0e8ac1a6e5) C:\Windows\system32\DRIVERS\asmthub3.sys

10:42:20.0886 4980        asmthub3 - ok

10:42:20.0902 4980        asmtxhci        (c4043e39a2abbc56581ca25df161e9f7) C:\Windows\system32\DRIVERS\asmtxhci.sys

10:42:20.0917 4980        asmtxhci - ok

10:42:20.0964 4980        aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys

10:42:20.0980 4980        aswFsBlk - ok

10:42:21.0042 4980        aswMonFlt       (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys

10:42:21.0058 4980        aswMonFlt - ok

10:42:21.0073 4980        aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys

10:42:21.0073 4980        aswRdr - ok

10:42:21.0104 4980        aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys

10:42:21.0120 4980        aswSnx - ok

10:42:21.0151 4980        aswSP           (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys

10:42:21.0167 4980        aswSP - ok

10:42:21.0182 4980        aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys

10:42:21.0198 4980        aswTdi - ok

10:42:21.0198 4980        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:42:21.0245 4980        AsyncMac - ok

10:42:21.0307 4980        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:42:21.0307 4980        atapi - ok

10:42:21.0354 4980        AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys

10:42:21.0370 4980        AtiHDAudioService - ok

10:42:21.0432 4980        AVerPola        (44327da6a9c742cf4fa2b79fdb1bd1d3) C:\Windows\system32\DRIVERS\AVerPola.sys

10:42:21.0494 4980        AVerPola - ok

10:42:21.0526 4980        AVPolCIR        (95f6d5e1bd731eca6e020c2ac5bfe7fb) C:\Windows\system32\DRIVERS\AVPolCIR.sys

10:42:21.0557 4980        AVPolCIR - ok

10:42:21.0604 4980        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

10:42:21.0666 4980        b06bdrv - ok

10:42:21.0682 4980        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:42:21.0713 4980        b57nd60a - ok

10:42:21.0744 4980        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:42:21.0791 4980        Beep - ok

10:42:21.0838 4980        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:42:21.0853 4980        blbdrive - ok

10:42:21.0884 4980        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:42:21.0900 4980        bowser - ok

10:42:21.0916 4980        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

10:42:21.0962 4980        BrFiltLo - ok

10:42:21.0978 4980        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

10:42:21.0994 4980        BrFiltUp - ok

10:42:22.0025 4980        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:42:22.0056 4980        Brserid - ok

10:42:22.0072 4980        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:42:22.0103 4980        BrSerWdm - ok

10:42:22.0134 4980        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:42:22.0165 4980        BrUsbMdm - ok

10:42:22.0165 4980        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:42:22.0196 4980        BrUsbSer - ok

10:42:22.0212 4980        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

10:42:22.0243 4980        BTHMODEM - ok

10:42:22.0259 4980        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:42:22.0321 4980        cdfs - ok

10:42:22.0337 4980        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:42:22.0352 4980        cdrom - ok

10:42:22.0368 4980        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

10:42:22.0384 4980        circlass - ok

10:42:22.0430 4980        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:42:22.0477 4980        CLFS - ok

10:42:22.0508 4980        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

10:42:22.0540 4980        CmBatt - ok

10:42:22.0540 4980        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:42:22.0555 4980        cmdide - ok

10:42:22.0586 4980        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:42:22.0633 4980        CNG - ok

10:42:22.0649 4980        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

10:42:22.0664 4980        Compbatt - ok

10:42:22.0696 4980        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

10:42:22.0742 4980        CompositeBus - ok

10:42:22.0774 4980        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

10:42:22.0774 4980        crcdisk - ok

10:42:22.0805 4980        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:42:22.0867 4980        DfsC - ok

10:42:22.0883 4980        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:42:22.0914 4980        discache - ok

10:42:22.0945 4980        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

10:42:22.0961 4980        Disk - ok

10:42:22.0992 4980        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:42:23.0023 4980        drmkaud - ok

10:42:23.0070 4980        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:42:23.0101 4980        DXGKrnl - ok

10:42:23.0148 4980        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

10:42:23.0257 4980        ebdrv - ok

10:42:23.0273 4980        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

10:42:23.0288 4980        elxstor - ok

10:42:23.0304 4980        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:42:23.0351 4980        ErrDev - ok

10:42:23.0366 4980        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:42:23.0413 4980        exfat - ok

10:42:23.0444 4980        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:42:23.0491 4980        fastfat - ok

10:42:23.0507 4980        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

10:42:23.0522 4980        fdc - ok

10:42:23.0554 4980        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:42:23.0554 4980        FileInfo - ok

10:42:23.0569 4980        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:42:23.0600 4980        Filetrace - ok

10:42:23.0632 4980        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

10:42:23.0663 4980        flpydisk - ok

10:42:23.0678 4980        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:42:23.0710 4980        FltMgr - ok

10:42:23.0725 4980        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:42:23.0741 4980        FsDepends - ok

10:42:23.0756 4980        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

10:42:23.0772 4980        Fs_Rec - ok

10:42:23.0788 4980        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:42:23.0803 4980        fvevol - ok

10:42:23.0850 4980        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

10:42:23.0866 4980        gagp30kx - ok

10:42:23.0912 4980        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:42:23.0928 4980        hcw85cir - ok

10:42:23.0975 4980        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:42:24.0006 4980        HdAudAddService - ok

10:42:24.0037 4980        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

10:42:24.0053 4980        HDAudBus - ok

10:42:24.0068 4980        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

10:42:24.0100 4980        HidBatt - ok

10:42:24.0131 4980        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

10:42:24.0162 4980        HidBth - ok

10:42:24.0193 4980        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

10:42:24.0224 4980        HidIr - ok

10:42:24.0240 4980        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:42:24.0256 4980        HidUsb - ok

10:42:24.0287 4980        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:42:24.0302 4980        HpSAMD - ok

10:42:24.0318 4980        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:42:24.0365 4980        HTTP - ok

10:42:24.0396 4980        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:42:24.0396 4980        hwpolicy - ok

10:42:24.0427 4980        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

10:42:24.0443 4980        i8042prt - ok

10:42:24.0474 4980        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys

10:42:24.0474 4980        iaStor - ok

10:42:24.0552 4980        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:42:24.0568 4980        iaStorV - ok

10:42:24.0599 4980        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

10:42:24.0614 4980        iirsp - ok

10:42:24.0708 4980        IntcAzAudAddService (3e49dac8eefa6016aa2a6331bec866ae) C:\Windows\system32\drivers\RTKVHD64.sys

10:42:24.0802 4980        IntcAzAudAddService - ok

10:42:24.0833 4980        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:42:24.0833 4980        intelide - ok

10:42:24.0848 4980        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:42:24.0880 4980        intelppm - ok

10:42:24.0895 4980        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:42:24.0926 4980        IpFilterDriver - ok

10:42:24.0958 4980        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:42:25.0004 4980        IPMIDRV - ok

10:42:25.0020 4980        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:42:25.0082 4980        IPNAT - ok

10:42:25.0098 4980        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:42:25.0114 4980        IRENUM - ok

10:42:25.0129 4980        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:42:25.0145 4980        isapnp - ok

10:42:25.0160 4980        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:42:25.0160 4980        iScsiPrt - ok

10:42:25.0192 4980        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:42:25.0192 4980        kbdclass - ok

10:42:25.0207 4980        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

10:42:25.0223 4980        kbdhid - ok

10:42:25.0254 4980        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:42:25.0254 4980        KSecDD - ok

10:42:25.0270 4980        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:42:25.0285 4980        KSecPkg - ok

10:42:25.0301 4980        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:42:25.0332 4980        ksthunk - ok

10:42:25.0348 4980        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:42:25.0379 4980        lltdio - ok

10:42:25.0426 4980        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

10:42:25.0441 4980        LSI_FC - ok

10:42:25.0441 4980        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

10:42:25.0457 4980        LSI_SAS - ok

10:42:25.0457 4980        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

10:42:25.0472 4980        LSI_SAS2 - ok

10:42:25.0488 4980        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

10:42:25.0488 4980        LSI_SCSI - ok

10:42:25.0519 4980        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:42:25.0550 4980        luafv - ok

10:42:25.0597 4980        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

10:42:25.0597 4980        MBAMProtector - ok

10:42:25.0628 4980        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

10:42:25.0644 4980        megasas - ok

10:42:25.0691 4980        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

10:42:25.0706 4980        MegaSR - ok

10:42:25.0738 4980        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

10:42:25.0738 4980        MEIx64 - ok

10:42:25.0769 4980        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:42:25.0816 4980        Modem - ok

10:42:25.0831 4980        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:42:25.0847 4980        monitor - ok

10:42:25.0878 4980        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:42:25.0878 4980        mouclass - ok

10:42:25.0894 4980        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:42:25.0909 4980        mouhid - ok

10:42:25.0925 4980        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:42:25.0940 4980        mountmgr - ok

10:42:25.0956 4980        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:42:25.0956 4980        mpio - ok

10:42:25.0972 4980        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:42:26.0018 4980        mpsdrv - ok

10:42:26.0034 4980        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:42:26.0065 4980        MRxDAV - ok

10:42:26.0081 4980        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:42:26.0096 4980        mrxsmb - ok

10:42:26.0128 4980        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:42:26.0143 4980        mrxsmb10 - ok

10:42:26.0159 4980        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:42:26.0174 4980        mrxsmb20 - ok

10:42:26.0190 4980        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:42:26.0206 4980        msahci - ok

10:42:26.0221 4980        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:42:26.0221 4980        msdsm - ok

10:42:26.0237 4980        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:42:26.0284 4980        Msfs - ok

10:42:26.0315 4980        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:42:26.0377 4980        mshidkmdf - ok

10:42:26.0408 4980        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:42:26.0408 4980        msisadrv - ok

10:42:26.0440 4980        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:42:26.0486 4980        MSKSSRV - ok

10:42:26.0486 4980        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:42:26.0533 4980        MSPCLOCK - ok

10:42:26.0533 4980        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:42:26.0580 4980        MSPQM - ok

10:42:26.0642 4980        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:42:26.0658 4980        MsRPC - ok

10:42:26.0689 4980        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

10:42:26.0689 4980        mssmbios - ok

10:42:26.0689 4980        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:42:26.0720 4980        MSTEE - ok

10:42:26.0736 4980        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

10:42:26.0752 4980        MTConfig - ok

10:42:26.0767 4980        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:42:26.0767 4980        Mup - ok

10:42:26.0798 4980        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:42:26.0814 4980        NativeWifiP - ok

10:42:26.0845 4980        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:42:26.0876 4980        NDIS - ok

10:42:26.0892 4980        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:42:26.0923 4980        NdisCap - ok

10:42:26.0939 4980        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:42:26.0970 4980        NdisTapi - ok

10:42:26.0986 4980        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:42:27.0017 4980        Ndisuio - ok

10:42:27.0032 4980        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:42:27.0064 4980        NdisWan - ok

10:42:27.0064 4980        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:42:27.0095 4980        NDProxy - ok

10:42:27.0110 4980        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:42:27.0142 4980        NetBIOS - ok

10:42:27.0157 4980        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:42:27.0188 4980        NetBT - ok

10:42:27.0220 4980        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

10:42:27.0235 4980        nfrd960 - ok

10:42:27.0251 4980        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:42:27.0282 4980        Npfs - ok

10:42:27.0298 4980        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:42:27.0329 4980        nsiproxy - ok

10:42:27.0376 4980        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:42:27.0407 4980        Ntfs - ok

10:42:27.0422 4980        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:42:27.0454 4980        Null - ok

10:42:27.0641 4980        nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:42:27.0890 4980        nvlddmkm - ok

10:42:27.0922 4980        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:42:27.0937 4980        nvraid - ok

10:42:27.0968 4980        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:42:27.0984 4980        nvstor - ok

10:42:28.0031 4980        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:42:28.0046 4980        nv_agp - ok

10:42:28.0078 4980        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:42:28.0109 4980        ohci1394 - ok

10:42:28.0140 4980        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

10:42:28.0171 4980        Parport - ok

10:42:28.0202 4980        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

10:42:28.0218 4980        partmgr - ok

10:42:28.0234 4980        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:42:28.0249 4980        pci - ok

10:42:28.0265 4980        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:42:28.0265 4980        pciide - ok

10:42:28.0296 4980        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

10:42:28.0296 4980        pcmcia - ok

10:42:28.0327 4980        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:42:28.0327 4980        pcw - ok

10:42:28.0358 4980        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:42:28.0405 4980        PEAUTH - ok

10:42:28.0421 4980        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:42:28.0468 4980        PptpMiniport - ok

10:42:28.0483 4980        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

10:42:28.0499 4980        Processor - ok

10:42:28.0514 4980        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:42:28.0561 4980        Psched - ok

10:42:28.0608 4980        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

10:42:28.0639 4980        ql2300 - ok

10:42:28.0670 4980        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

10:42:28.0686 4980        ql40xx - ok

10:42:28.0702 4980        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:42:28.0748 4980        QWAVEdrv - ok

10:42:28.0764 4980        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:42:28.0826 4980        RasAcd - ok

10:42:28.0842 4980        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:42:28.0889 4980        RasAgileVpn - ok

10:42:28.0904 4980        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:42:28.0920 4980        Rasl2tp - ok

10:42:28.0936 4980        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:42:28.0967 4980        RasPppoe - ok

10:42:28.0982 4980        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:42:29.0014 4980        RasSstp - ok

10:42:29.0045 4980        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:42:29.0076 4980        rdbss - ok

10:42:29.0092 4980        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

10:42:29.0123 4980        rdpbus - ok

10:42:29.0123 4980        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:42:29.0154 4980        RDPCDD - ok

10:42:29.0185 4980        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:42:29.0310 4980        RDPENCDD - ok

10:42:29.0310 4980        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:42:29.0341 4980        RDPREFMP - ok

10:42:29.0357 4980        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

10:42:29.0388 4980        RDPWD - ok

10:42:29.0450 4980        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:42:29.0466 4980        rdyboost - ok

10:42:29.0497 4980        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:42:29.0544 4980        rspndr - ok

10:42:29.0606 4980        RTL8167         (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys

10:42:29.0622 4980        RTL8167 - ok

10:42:29.0669 4980        RTL8192su       (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys

10:42:29.0684 4980        RTL8192su - ok

10:42:29.0731 4980        SaiH0109        (248abd858ff7dcc966e5a54529ddd225) C:\Windows\system32\DRIVERS\SaiH0109.sys

10:42:29.0747 4980        SaiH0109 - ok

10:42:29.0762 4980        SaiU0109        (547b16d072a3afce5807be20c3f4734b) C:\Windows\system32\DRIVERS\SaiU0109.sys

10:42:29.0794 4980        SaiU0109 - ok

10:42:29.0825 4980        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:42:29.0840 4980        sbp2port - ok

10:42:29.0856 4980        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:42:29.0918 4980        scfilter - ok

10:42:29.0934 4980        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:42:29.0950 4980        secdrv - ok

10:42:29.0981 4980        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

10:42:30.0012 4980        Serenum - ok

10:42:30.0028 4980        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

10:42:30.0043 4980        Serial - ok

10:42:30.0074 4980        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

10:42:30.0090 4980        sermouse - ok

10:42:30.0121 4980        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:42:30.0137 4980        sffdisk - ok

10:42:30.0152 4980        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:42:30.0152 4980        sffp_mmc - ok

10:42:30.0168 4980        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:42:30.0184 4980        sffp_sd - ok

10:42:30.0199 4980        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

10:42:30.0215 4980        sfloppy - ok

10:42:30.0262 4980        Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

10:42:30.0293 4980        Sftfs - ok

10:42:30.0340 4980        Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

10:42:30.0355 4980        Sftplay - ok

10:42:30.0371 4980        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

10:42:30.0386 4980        Sftredir - ok

10:42:30.0402 4980        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

10:42:30.0418 4980        Sftvol - ok

10:42:30.0464 4980        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

10:42:30.0464 4980        SiSRaid2 - ok

10:42:30.0496 4980        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

10:42:30.0511 4980        SiSRaid4 - ok

10:42:30.0527 4980        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:42:30.0558 4980        Smb - ok

10:42:30.0589 4980        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:42:30.0589 4980        spldr - ok

10:42:30.0636 4980        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:42:30.0683 4980        srv - ok

10:42:30.0714 4980        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:42:30.0730 4980        srv2 - ok

10:42:30.0761 4980        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:42:30.0776 4980        srvnet - ok

10:42:30.0808 4980        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

10:42:30.0823 4980        stexstor - ok

10:42:30.0854 4980        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

10:42:30.0870 4980        swenum - ok

10:42:30.0948 4980        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

10:42:31.0026 4980        Tcpip - ok

10:42:31.0057 4980        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

10:42:31.0088 4980        TCPIP6 - ok

10:42:31.0104 4980        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:42:31.0151 4980        tcpipreg - ok

10:42:31.0166 4980        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:42:31.0198 4980        TDPIPE - ok

10:42:31.0198 4980        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

10:42:31.0229 4980        TDTCP - ok

10:42:31.0244 4980        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:42:31.0276 4980        tdx - ok

10:42:31.0322 4980        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

10:42:31.0338 4980        TermDD - ok

10:42:31.0369 4980        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:42:31.0400 4980        tssecsrv - ok

10:42:31.0400 4980        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:42:31.0416 4980        TsUsbFlt - ok

10:42:31.0432 4980        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

10:42:31.0447 4980        TsUsbGD - ok

10:42:31.0463 4980        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:42:31.0510 4980        tunnel - ok

10:42:31.0525 4980        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

10:42:31.0525 4980        uagp35 - ok

10:42:31.0556 4980        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:42:31.0588 4980        udfs - ok

10:42:31.0619 4980        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:42:31.0619 4980        uliagpkx - ok

10:42:31.0650 4980        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:42:31.0666 4980        umbus - ok

10:42:31.0712 4980        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

10:42:31.0728 4980        UmPass - ok

10:42:31.0759 4980        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

10:42:31.0775 4980        usbaudio - ok

10:42:31.0790 4980        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:42:31.0822 4980        usbccgp - ok

10:42:31.0837 4980        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:42:31.0868 4980        usbcir - ok

10:42:31.0884 4980        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

10:42:31.0900 4980        usbehci - ok

10:42:31.0915 4980        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:42:31.0946 4980        usbhub - ok

10:42:31.0962 4980        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:42:31.0993 4980        usbohci - ok

10:42:32.0009 4980        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:42:32.0024 4980        usbprint - ok

10:42:32.0056 4980        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

10:42:32.0071 4980        usbscan - ok

10:42:32.0087 4980        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:42:32.0102 4980        USBSTOR - ok

10:42:32.0118 4980        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:42:32.0134 4980        usbuhci - ok

10:42:32.0149 4980        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:42:32.0165 4980        vdrvroot - ok

10:42:32.0180 4980        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:42:32.0196 4980        vga - ok

10:42:32.0212 4980        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:42:32.0243 4980        VgaSave - ok

10:42:32.0274 4980        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:42:32.0290 4980        vhdmp - ok

10:42:32.0305 4980        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:42:32.0321 4980        viaide - ok

10:42:32.0336 4980        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:42:32.0352 4980        volmgr - ok

10:42:32.0368 4980        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:42:32.0383 4980        volmgrx - ok

10:42:32.0399 4980        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:42:32.0414 4980        volsnap - ok

10:42:32.0446 4980        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

10:42:32.0446 4980        vsmraid - ok

10:42:32.0477 4980        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:42:32.0492 4980        vwifibus - ok

10:42:32.0539 4980        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:42:32.0555 4980        vwififlt - ok

10:42:32.0586 4980        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

10:42:32.0602 4980        WacomPen - ok

10:42:32.0633 4980        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:42:32.0680 4980        WANARP - ok

10:42:32.0680 4980        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:42:32.0695 4980        Wanarpv6 - ok

10:42:32.0711 4980        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

10:42:32.0726 4980        Wd - ok

10:42:32.0742 4980        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:42:32.0758 4980        Wdf01000 - ok

10:42:32.0773 4980        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:42:32.0804 4980        WfpLwf - ok

10:42:32.0820 4980        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:42:32.0820 4980        WIMMount - ok

10:42:32.0851 4980        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:42:32.0867 4980        WmiAcpi - ok

10:42:32.0898 4980        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:42:32.0929 4980        ws2ifsl - ok

10:42:33.0023 4980        wsvd            (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys

10:42:33.0038 4980        wsvd - ok

10:42:33.0070 4980        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:42:33.0116 4980        WudfPf - ok

10:42:33.0132 4980        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:42:33.0163 4980        WUDFRd - ok

10:42:33.0210 4980        MBR (0x1B8)     (5d949eea3beec2df38a2d7900ad89a60) \Device\Harddisk0\DR0

10:42:34.0910 4980        \Device\Harddisk0\DR0 - ok

10:42:34.0926 4980        Boot (0x1200)   (ed705ab412008ffb3d967c026fa11fd4) \Device\Harddisk0\DR0\Partition0

10:42:34.0926 4980        \Device\Harddisk0\DR0\Partition0 - ok

10:42:34.0942 4980        Boot (0x1200)   (3f8243c55a3dda5a2458cc2ba80e2f88) \Device\Harddisk0\DR0\Partition1

10:42:34.0942 4980        \Device\Harddisk0\DR0\Partition1 - ok

10:42:34.0988 4980        Boot (0x1200)   (6e7648a582adbaffa149e369159a07d4) \Device\Harddisk0\DR0\Partition2

10:42:34.0988 4980        \Device\Harddisk0\DR0\Partition2 - ok

10:42:34.0988 4980        ============================================================

10:42:34.0988 4980        Scan finished

10:42:34.0988 4980        ============================================================

10:42:35.0004 1328        Detected object count: 0

10:42:35.0004 1328        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

Meldung kam - Windows daraufhin neu gestartet - alles wieder ok.

combofix Log

Code:

ComboFix 12-02-16.02 - Anja 17.02.2012  12:09:44.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.2770 [GMT 1:00]

ausgeführt von:: c:\users\Anja\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\pthreadVC.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-17 bis 2012-02-17  ))))))))))))))))))))))))))))))

.

.

2012-02-16 21:45 . 2012-02-16 21:45        --------        d-----w-        C:\_OTL

2012-02-15 20:07 . 2012-02-15 20:07        --------        d-----w-        c:\program files (x86)\ESET

2012-02-15 16:31 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-15 16:31 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll

2012-02-15 16:31 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl

2012-02-15 16:31 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl

2012-02-15 16:31 . 2012-01-14 04:06        3145728        ----a-w-        c:\windows\system32\win32k.sys

2012-02-15 16:31 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys

2012-02-15 16:31 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-15 16:31 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll

2012-02-14 16:57 . 2012-02-16 21:45        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy

2012-02-14 16:57 . 2012-02-15 16:25        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2012-02-14 16:43 . 2012-02-14 16:43        --------        d-----w-        c:\users\Anja\AppData\Roaming\Malwarebytes

2012-02-14 16:43 . 2012-02-14 16:43        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-14 16:43 . 2012-02-14 16:43        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-14 16:43 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-09 13:52 . 2012-02-09 13:52        --------        d-----w-        c:\program files (x86)\FreeTime

2012-02-04 22:36 . 2012-02-04 22:36        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe

2012-02-04 22:34 . 2012-02-04 22:36        --------        d-----w-        c:\program files\Common Files\Adobe

2012-02-04 21:53 . 2012-02-04 21:53        --------        d-----w-        c:\users\Anja\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-02-04 21:53 . 2012-02-04 21:53        --------        d-----w-        c:\program files (x86)\Adobe Download Assistant

2012-02-01 19:31 . 2012-02-01 19:31        --------        d-----w-        c:\users\Anja\AppData\Roaming\mkvtoolnix

2012-02-01 18:26 . 2012-02-01 18:27        --------        d-----w-        c:\program files (x86)\MKVToolNix

2012-02-01 18:25 . 2012-02-01 18:25        --------        d-----w-        c:\program files (x86)\AviSynth 2.5

2012-02-01 17:55 . 2012-02-01 17:55        --------        d-----w-        c:\programdata\DivX

2012-01-31 16:39 . 2012-01-31 16:39        --------        d-----w-        c:\users\Anja\AppData\Roaming\Publish Providers

2012-01-31 16:30 . 2012-01-31 16:30        --------        d-----w-        c:\programdata\Sony

2012-01-31 16:30 . 2012-01-31 16:30        --------        d-----w-        c:\program files (x86)\Sony

2012-01-31 16:26 . 2012-01-31 16:26        715038        ----a-w-        c:\windows\unins000.exe

2012-01-31 16:26 . 2011-12-07 18:37        148992        ----a-w-        c:\windows\system32\lagarith.dll

2012-01-31 16:26 . 2011-12-07 18:32        216064        ----a-w-        c:\windows\SysWow64\lagarith.dll

2012-01-31 16:11 . 2012-01-31 16:35        --------        d-----w-        c:\users\Anja\AppData\Local\Sony

2012-01-31 16:11 . 2012-01-31 16:11        --------        d-----w-        c:\windows\SysWow64\spool

2012-01-31 16:10 . 2012-01-31 16:49        --------        d-----w-        c:\users\Anja\AppData\Roaming\Sony

2012-01-31 11:13 . 2012-02-01 14:36        --------        d-----w-        c:\users\Anja\AppData\Roaming\avidemux

2012-01-31 11:12 . 2012-01-31 11:12        --------        d-----w-        c:\program files\Avidemux 2.5

2012-01-22 16:36 . 2012-01-22 16:36        --------        d-----w-        c:\users\Anja\AppData\Local\Opera

2012-01-22 16:36 . 2012-01-25 17:06        --------        d-----w-        c:\program files (x86)\Opera

2012-01-20 11:28 . 2012-01-20 11:28        --------        d-----w-        c:\users\Anja\AppData\Roaming\FireShot

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:01 . 2011-07-21 10:49        41184        ----a-w-        c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-07-21 10:49        199816        ----a-w-        c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-07-21 10:50        256960        ----a-w-        c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-07-21 10:50        591192        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-07-21 10:50        304472        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-07-21 10:50        42328        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-07-21 10:50        58712        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-07-21 10:50        66904        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-07-21 10:50        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2011-11-21 16:08 . 2011-07-29 06:32        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-19 14:58 . 2012-01-11 19:59        77312        ----a-w-        c:\windows\system32\packager.dll

2011-11-19 14:01 . 2012-01-11 19:59        67072        ----a-w-        c:\windows\SysWow64\packager.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"wave5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]

R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [x]

R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 136176]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 SaiH0109;SaiH0109;c:\windows\system32\DRIVERS\SaiH0109.sys [x]

R3 SaiU0109;SaiU0109;c:\windows\system32\DRIVERS\SaiU0109.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]

S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-09 405504]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 10:08]

.

2012-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-21 10:08]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01        134384        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4

IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\7zyldyxz.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: keyword.URL - hxxp://www.google.de/search?q=

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-17  12:21:51 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-02-17 11:21

.

Vor Suchlauf: 12 Verzeichnis(se), 1.293.204.783.104 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 1.292.925.722.624 Bytes frei

.

- - End Of File - - E932CC307CA73F1818AD77EA1602800B

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

aswMBR.txt

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software

Run date: 2012-02-17 14:20:31

-----------------------------

14:20:31.669    OS Version: Windows x64 6.1.7601 Service Pack 1

14:20:31.669    Number of processors: 4 586 0x2A07

14:20:31.669    ComputerName: MEDION-PC  UserName: Anja

14:20:33.838    Initialize success

14:20:34.025    AVAST engine defs: 12021700

14:21:46.482    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:21:46.482    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3

14:21:46.513    Disk 0 MBR read successfully

14:21:46.513    Disk 0 MBR scan

14:21:46.513    Disk 0 unknown MBR code

14:21:46.513    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

14:21:46.528    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1388713 MB offset 206848

14:21:46.575    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 2844291072

14:21:46.591    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152

14:21:46.591    Service scanning

14:21:47.948    Modules scanning

14:21:47.948    Disk 0 trace - called modules:

14:21:47.948    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

14:21:48.463    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f1060]

14:21:48.463    3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004715050]

14:21:49.726    AVAST engine scan C:\Windows

14:21:53.096    AVAST engine scan C:\Windows\system32

14:23:25.916    AVAST engine scan C:\Windows\system32\drivers

14:23:33.950    AVAST engine scan C:\Users\Anja

14:28:28.136    AVAST engine scan C:\ProgramData

14:29:12.315    Scan finished successfully

14:29:27.291    Disk 0 MBR has been saved successfully to "C:\Users\Anja\Desktop\MBR.dat"

14:29:27.291    The log file has been saved successfully to "C:\Users\Anja\Desktop\aswMBR.txt"

Eine Abfrage zur Virendefinition kam bei mir nicht.

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

- MBR-Fix erledigt
- Windows neugestartet
- aswMBR gestartet und gescannt (wieder keine Abfrage zur Virendefinition, Avast war bei diesem Scan deaktiviert)

Hinweis: Ich habe vor beiden Scans die Einstellungen in aswMBR nicht verändert, "AV scan: QuickScan" war eingestellt.

Code:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software

Run date: 2012-02-17 14:50:49

-----------------------------

14:50:49.659    OS Version: Windows x64 6.1.7601 Service Pack 1

14:50:49.659    Number of processors: 4 586 0x2A07

14:50:49.659    ComputerName: MEDION-PC  UserName: Anja

14:50:51.437    Initialize success

14:50:51.531    AVAST engine defs: 12021700

14:51:02.404    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:51:02.404    Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 3

14:51:02.420    Disk 0 MBR read successfully

14:51:02.420    Disk 0 MBR scan

14:51:03.137    Disk 0 Windows 7 default MBR code

14:51:03.168    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

14:51:03.324    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1388713 MB offset 206848

14:51:03.371    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 2844291072

14:51:03.371    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 2928177152

14:51:03.387    Service scanning

14:51:05.399    Modules scanning

14:51:05.399    Disk 0 trace - called modules:

14:51:05.430    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

14:51:05.961    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065f2060]

14:51:05.961    3 CLASSPNP.SYS[fffff88001bca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ab8050]

14:51:08.004    AVAST engine scan C:\Windows

14:51:15.805    AVAST engine scan C:\Windows\system32

14:53:07.891    AVAST engine scan C:\Windows\system32\drivers

14:53:17.204    AVAST engine scan C:\Users\Anja

14:57:44.838    AVAST engine scan C:\ProgramData

14:58:44.180    Scan finished successfully

14:59:29.701    Disk 0 MBR has been saved successfully to "C:\Users\Anja\Desktop\MBR.dat"

14:59:29.701    The log file has been saved successfully to "C:\Users\Anja\Desktop\aswMBR (2).txt"

Nach was suchen wir eigentlich noch, oder ist das ein Routine-Check?

Ich such nach alles Möglichem. Man kann sich nie darauf verlassen, dass bei einer Infektion immer in fest definierten Ordnern oder Bereichen ist. Wär zu schön wenn das so einfach wäre :D deswegen muss man alles sehr gründlich absuchen.

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Gut, Scans sind durch.

Malwarebytes

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.17.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anja :: MEDION-PC [Administrator]
 

Schutz: Deaktiviert
 

17.02.2012 17:56:45

mbam-log-2012-02-17 (17-56-45).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 342191

Laufzeit: 29 Minute(n), 7 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SuperAntiSpyware

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 02/17/2012 at 07:28 PM
 

Application Version : 5.0.1144
 

Core Rules Database Version : 8258

Trace Rules Database Version: 6070
 

Scan type       : Complete Scan

Total Scan Time : 00:55:04
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 543

Memory threats detected   : 0

Registry items scanned    : 65393

Registry threats detected : 0

File items scanned        : 231991

File threats detected     : 0

Keine Funde! :daumenhoc
Ist das System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Soweit nicht, das war's. Vielen Dank! :dankeschoen:

Was mache ich nun mit den ganzen Programmen? Was davon kann bzw. sollte ich behalten und was wieder deinstallieren?

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Gut, ich werde überall noch nach Updates suchen und den AdobeReader deinstallieren.

ComboFix habe ich ohne Probleme deinstalliert.
Was ist mit SuperAntiSpyware? Wenn es sinnvoll ist, würde ich es behalten; den Wächter habe ich schon abgestellt. Oder brauche ich das Programm nicht unbedingt?

Du solltest SASW besser deinstallieren..

Ok, getan.
Noch was:
1. Ist es normal, dass auf C: noch ein ComboFix "Dateiordner" rumschwirrt und was mache ich damit?
2. Was mache ich mit dem "_OTL" Ordner? Kann ich den löschen?

Warum stört dich das ? Lösch es einfach

Ok, ich wollte sicherheitshalber vorher nachfragen. ;)
Das war's dann, danke nochmal!