Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/), thread "JS:Iframe-KQ [Trj]" (https://www.trojaner-board.de/118833-js-iframe-kq-trj.html)

nirvfreak 08.07.2012 00:54

JS:Iframe-KQ [Trj]
 
Hello, according to Avast I have picked up a trojan named JS:Iframe-KQ [Trj].
The file paths are
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\1\41

and

C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\udnyqyfl.default\Cache\C\93

I had the files scanned at virustotal.com; there (only) 4 other scanners found a virus, namely Sophos, Ikarus, Emsisoft and GDATA.

Now my question is how "threatening" this virus is, what it does and how I get rid of it :D

I also ran HijackThis over the system; at first glance I saw nothing suspicious, but I am certainly no expert either.

Spybot S&D is running on my machine too, but it found nothing either.

So here is the HT log, and thanks in advance :D

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:51:45, on 08.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Sandboxie\SandboxieRpcSs.exe
C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
F:\Downloads\HiJackThis204.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
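The post above asks what a JS:Iframe detection in the Firefox cache means. What follows is an added example, not code from this thread, from Avast or from any of the tools named here, and it rests on an assumption of my own that the thread does not state: detection names of the JS:Iframe family are given to web content that injects an iframe, usually one the visitor cannot see, pointing at another site. Under that assumption a hit in a cache path such as Cache\1\41 is evidence of a page the browser loaded, not of a modified system file, so the useful defender step is to find which cached page carries the frame, clear the cache, and make sure the browser and its plug-ins are patched. The Python below scans a cache directory for iframes that are sized to zero, hidden by CSS or positioned off-screen; the sample page inside it is constructed for the demonstration, and the example.invalid addresses in it are placeholders.

```python
"""Hunt for hidden <iframe> elements in browser cache files.

Added example, not code from the thread or from any AV vendor. Assumption:
JS:Iframe-style detection names denote web content that injects an iframe,
usually hidden, pointing at another site, so a cache hit is best explained
by a page the browser loaded rather than by a modified system file.
"""
import re
from pathlib import Path

IFRAME_TAG = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE | re.DOTALL)
ATTRIBUTE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")


def parse_attrs(attr_text):
    """Return the tag's attributes as a lower-cased dict with quotes stripped."""
    attrs = {}
    for m in ATTRIBUTE.finditer(attr_text):
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[m.group(1).lower()] = value
    return attrs


def _px(value):
    """Leading integer of '0', '1px' or ' 1'; None when the value is not numeric."""
    m = re.match(r"\s*(-?\d+)", value or "")
    return int(m.group(1)) if m else None


def hidden_reasons(attrs):
    """List the reasons an iframe with these attributes would be invisible."""
    reasons = []
    for dim in ("width", "height"):
        size = _px(attrs.get(dim))
        if size is not None and size <= 1:
            reasons.append(f"{dim}={size}")
    style = (attrs.get("style") or "").lower().replace(" ", "")
    for marker in ("display:none", "visibility:hidden"):
        if marker in style:
            reasons.append(marker)
    off = re.search(r"(?:left|top):(-\d+)px", style)
    if off and int(off.group(1)) <= -1000:
        reasons.append(f"off-screen ({off.group(0)})")
    for dim in ("width", "height"):
        css = re.search(rf"(?<![\w-]){dim}:(\d+)px", style)
        if css and int(css.group(1)) <= 1:
            reasons.append(f"style {dim}:{css.group(1)}px")
    return reasons


def find_hidden_iframes(text):
    """One finding per hidden iframe: its src and why it counts as hidden."""
    findings = []
    for m in IFRAME_TAG.finditer(text):
        attrs = parse_attrs(m.group(1))
        reasons = hidden_reasons(attrs)
        if reasons:
            findings.append({"src": attrs.get("src", ""), "reasons": reasons})
    return findings


def scan_cache_dir(root):
    """Walk a cache directory; entries carry binary headers, so decode leniently."""
    results = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = find_hidden_iframes(path.read_bytes().decode("latin-1"))
            if hits:
                results.append((str(path), hits))
    return results


# Constructed sample: one ordinary video embed and two frames a visitor never sees.
SAMPLE_PAGE = """<html><body><p>News</p>
<iframe src="https://www.youtube-nocookie.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://example.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<IFRAME SRC='http://example.invalid/c.php' STYLE="position:absolute; left:-9999px; top:-9999px"></IFRAME>
</body></html>"""

if __name__ == "__main__":
    for hit in find_hidden_iframes(SAMPLE_PAGE):
        print(hit["src"], "->", ", ".join(hit["reasons"]))
    # On the affected machine: scan_cache_dir(r"C:\Users\<name>\AppData\Local\Mozilla\Firefox\Profiles\<profile>\Cache")
```

The scanner only sees plain-text entries; cache entries stored compressed (gzip or deflate) have to be decompressed before the regex can find anything, and a frame written by obfuscated JavaScript at run time never appears in the cached HTML at all, which is why a cache hit points you at the serving site rather than giving a complete picture.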

markusg 10.07.2012 22:06

We don't want to see HJT logs; that is also pinned at the top.
If you don't have it yet, please download OTL from OldTimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread
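The /md5start ... /md5stop section of the OTL script above makes OTL report the MD5 of each listed file, so that the helper can compare them with known-good copies: these are system files and boot-critical drivers that file-infecting malware is known to patch. The Python below is an added example, not OTL's code and not from the thread; it does the same job on its own, looking for each name from the list in the usual Windows locations (the search directories are my assumption, with C:\Windows taken from the %SystemRoot% line of the OTL log), recording size, MD5 and SHA-256, and marking files that are absent, which for most of the storage drivers in the list is the normal state on hardware that does not use them.

```python
"""Hash the system files an OTL /md5start ... /md5stop block asks about.

Added example, not OTL's code and not from the thread. It reproduces the
idea of that block: locate each named file in the usual Windows locations,
record size, MD5 and SHA-256, and mark files that are absent.
"""
import hashlib
from pathlib import Path

# File names copied from the /md5start block in the post above.
MD5_TARGETS = [
    "userinit.exe", "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll",
    "ws2ifsl.sys", "sceclt.dll", "ntelogon.dll", "winlogon.exe", "logevent.dll",
    "user32.DLL", "explorer.exe", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys", "ahcix86s.sys",
]

# Assumed search locations; %SystemRoot% = C:\Windows as in the OTL log.
DEFAULT_SEARCH_DIRS = [
    r"C:\Windows",
    r"C:\Windows\System32",
    r"C:\Windows\System32\drivers",
    r"C:\Windows\SysWOW64",
]


def hash_bytes(data):
    """MD5 (what OTL reports) plus SHA-256 (what hash lookups expect today)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def hash_file(path, chunk_size=1 << 20):
    """Stream the file so that large drivers need not fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def locate(name, search_dirs):
    """Every copy of `name` in the search dirs, matched case-insensitively as NTFS does."""
    hits = []
    for d in search_dirs:
        directory = Path(d)
        if not directory.is_dir():
            continue
        for candidate in directory.iterdir():
            if candidate.is_file() and candidate.name.lower() == name.lower():
                hits.append(candidate)
    return hits


def build_report(targets=MD5_TARGETS, search_dirs=DEFAULT_SEARCH_DIRS):
    """One row per located copy; a single 'missing' row for names found nowhere."""
    rows = []
    for name in targets:
        copies = locate(name, search_dirs)
        if not copies:
            rows.append({"name": name, "status": "missing"})
            continue
        for path in copies:
            row = {"name": name, "status": "ok", "path": str(path),
                   "size": path.stat().st_size}
            row.update(hash_file(path))
            rows.append(row)
    return rows


def format_report(rows):
    """Plain-text table: name, size, MD5, path (or 'not found')."""
    lines = []
    for r in rows:
        if r["status"] == "missing":
            lines.append(f"{r['name']:<16} not found")
        else:
            lines.append(f"{r['name']:<16} {r['size']:>10} {r['md5']} {r['path']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(build_report()))
```

Two copies of the same name (for example one in System32 and one in SysWOW64) are expected on 64-bit Windows and get separate rows. The hashes themselves say nothing until compared: check them against a clean installation of the same Windows build and patch level, or look them up by hash at virustotal.com, which tells you whether the file is already known without uploading it.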

nirvfreak 11.07.2012 11:13

Thanks for the reply.
I did then see that HT logs are no longer wanted, but unfortunately I could no longer edit my post, and since the instructions say not to bump your post, I waited for now. Sorry ;-)

So here is a current OTL scan; however, it did not create an Extra.txt for me.

OTL.txt
Code:

OTL logfile created on: 11.07.2012 11:32:01 - Run 5
OTL by OldTimer - Version 3.2.53.1    Folder = F:\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,59% Memory free
3,98 Gb Paging File | 2,65 Gb Available in Paging File | 66,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 26,46 Gb Total Space | 0,56 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive F: | 122,59 Gb Total Space | 32,50 Gb Free Space | 26,51% Space Free | Partition Type: NTFS
Drive G: | 488,23 Mb Total Space | 152,44 Mb Free Space | 31,22% Space Free | Partition Type: FAT
 
Computer Name: BOOOOM | User Name: SeS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.08 12:54:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.04.10 12:17:02 | 000,024,336 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SandboxieRpcSs.exe
PRC - [2012.04.10 12:17:02 | 000,018,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SandboxieDcomLaunch.exe
PRC - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.02.01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.22 20:36:00 | 000,621,320 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 10:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 12:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 12:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.04.12 18:37:19 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.04.12 18:37:19 | 000,166,400 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.11.04 02:14:04 | 000,054,272 | ---- | M] () -- C:\Programme\Notepad++\NppShell_01.dll
MOD - [2007.09.01 15:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.07.04 12:02:53 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.23 08:03:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.10 12:16:58 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.09.13 11:10:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.04 11:57:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.02.26 00:47:00 | 003,489,788 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.08.10 13:34:40 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 16:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.04.10 12:16:58 | 000,135,440 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2011.11.04 21:33:18 | 000,296,592 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.29 06:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2008.09.25 09:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF D6 A4 D5 44 1A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {1de0de3c-0b5c-4f67-90c6-689623894991}:0.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.1
FF - prefs.js..extensions.enabledItems: csscoverage@spaghetticoder.org:0.2.4
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:4.0.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:3.5.9.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110508
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.09 20:25:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.05 09:41:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:02:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.28 01:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.10 21:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.09 20:25:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.04 12:02:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.28 01:16:28 | 000,000,000 | ---D | M]
 
[2010.09.04 14:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Extensions
[2010.09.04 14:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.09 10:56:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions
[2012.01.05 16:27:37 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.04.04 23:37:09 | 000,000,000 | ---D | M] ("Tab Preview") -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
[2011.06.03 08:44:56 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.24 16:01:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\SeS\AppData\Roaming\mozilla\Firefox\Profiles\udnyqyfl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.22 14:03:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.05 09:41:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012.03.09 16:19:34 | 000,009,650 | ---- | M] () (No name found) -- C:\USERS\SES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDNYQYFL.DEFAULT\EXTENSIONS\CSSCOVERAGE@SPAGHETTICODER.ORG.XPI
[2012.05.24 16:01:14 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\SES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UDNYQYFL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.07.04 12:02:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.03.12 11:16:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 11:16:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.12 11:16:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 11:16:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 11:16:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 11:16:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\SeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F3494F8-0105-4984-ADC8-352E1E0ED309}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7268085-4667-4E4A-A163-973C5B533D2E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {01FF51E9-C771-4CD3-AD62-C9FB5AEF55A5} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2538218)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {23036C23-ECDE-47F5-A908-BEC94EE0456F} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2251481)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3ADBA5AF-E4B1-45B1-AF09-C49CFC4EA898} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB2465367)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9BB5DD65-D02F-43FC-94AF-E8932A4EFB73} - Microsoft Visual C++ 2005 Express Edition - DEU Service Pack 1 (KB926748)
ActiveX: {AEA17EF2-EF36-485F-8105-3465692A8C7B} - Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB932234)
ActiveX: {BECB938C-6BC2-48C6-A0A6-4B61E85F584C} - Security Update für Microsoft Visual C++ 2005 Express Edition - DEU (KB971090)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.08 12:54:44 | 000,595,968 | ---- | C] (OldTimer Tools) -- F:\Desktop\OTL.exe
[2012.06.27 13:12:19 | 000,000,000 | ---D | C] -- F:\Desktop\*** Trikot
[2012.06.26 17:03:32 | 000,000,000 | ---D | C] -- C:\Users\SeS\AppData\Local\Macromedia
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.11 11:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.11 11:12:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.09 00:41:43 | 000,022,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.09 00:41:43 | 000,022,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.08 13:39:33 | 000,000,000 | ---- | M] () -- C:\Users\SeS\defogger_reenable
[2012.07.08 12:56:30 | 000,302,592 | ---- | M] () -- F:\Desktop\hrid37ww.exe
[2012.07.08 12:54:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- F:\Desktop\OTL.exe
[2012.07.05 09:41:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.04 23:03:59 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 23:03:59 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 23:03:59 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 23:03:59 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 18:10:55 | 000,209,439 | ---- | M] () -- F:\Desktop\grundprinzipien-20091028.pdf
[2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.03 18:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.06.27 19:16:01 | 000,562,144 | ---- | M] () -- F:\Eigene Dokumente\Einladung.pdf
[2012.06.27 19:07:52 | 000,181,479 | ---- | M] () -- F:\Eigene Dokumente\Einladung.psd
[2012.06.27 19:07:20 | 000,205,444 | ---- | M] () -- F:\Eigene Dokumente\Einladung.jpg
[2012.06.27 18:44:48 | 000,201,064 | ---- | M] () -- F:\Eigene Dokumente\Einladung1.jpg
[2012.06.14 03:38:34 | 001,654,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.08 13:39:33 | 000,000,000 | ---- | C] () -- C:\Users\SeS\defogger_reenable
[2012.07.08 12:56:29 | 000,302,592 | ---- | C] () -- F:\Desktop\hrid37ww.exe
[2012.07.04 18:10:55 | 000,209,439 | ---- | C] () -- F:\Desktop\grundprinzipien-20091028.pdf
[2012.06.27 18:44:45 | 000,201,064 | ---- | C] () -- F:\Eigene Dokumente\Einladung1.jpg
[2012.06.27 18:36:48 | 000,205,444 | ---- | C] () -- F:\Eigene Dokumente\Einladung.jpg
[2012.06.27 18:27:00 | 000,562,144 | ---- | C] () -- F:\Eigene Dokumente\Einladung.pdf
[2012.06.27 18:23:37 | 000,181,479 | ---- | C] () -- F:\Eigene Dokumente\Einladung.psd
[2012.05.14 11:13:19 | 000,002,086 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.04.12 21:49:34 | 000,007,601 | ---- | C] () -- C:\Users\SeS\AppData\Local\Resmon.ResmonCfg
[2012.01.13 14:59:58 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{D3A54969-E7EB-4D76-A5D0-5168CAA3A995}
[2011.12.08 05:03:35 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{EAC6D661-0EED-4FEC-813E-238AC50ACDB1}
[2011.10.16 01:08:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.08.31 22:43:22 | 000,039,586 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.07.06 18:07:18 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2011.06.30 01:16:55 | 000,000,000 | ---- | C] () -- C:\Users\SeS\AppData\Local\{18D59C89-51F3-48CC-AC65-C8F6B064C312}
[2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.02.16 23:59:21 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2010.11.15 14:27:30 | 000,000,218 | ---- | C] () -- C:\Users\SeS\.recently-used.xbel
[2010.09.23 19:44:30 | 000,003,584 | ---- | C] () -- C:\Users\SeS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.23 14:57:39 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.08.15 17:17:00 | 012,824,576 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.06.15 13:46:46 | 000,017,408 | ---- | C] () -- C:\Users\SeS\AppData\Local\WebpageIcons.db
 
========== LOP Check ==========
 
[2010.04.14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\CadSoft
[2010.09.16 18:31:34 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Canneverbe Limited
[2011.09.08 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\DVDVideoSoft
[2011.06.03 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.08 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\GetRightToGo
[2010.11.15 14:26:49 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\gtk-2.0
[2011.10.08 20:13:29 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\KeePass
[2010.06.28 18:33:57 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Notepad++
[2010.04.12 18:38:56 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\OpenOffice.org
[2011.02.17 03:14:47 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\picajet.com
[2010.04.19 02:41:57 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Subversion
[2010.09.04 14:25:36 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Thunderbird
[2012.01.10 20:22:14 | 000,000,000 | ---D | M] -- C:\Users\SeS\AppData\Roaming\Wuala
[2012.04.11 15:07:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.03.13 13:58:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.05.30 20:43:30 | 000,000,000 | ---D | M] -- C:\BlueJ
[2012.07.07 13:47:08 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2010.05.02 20:22:34 | 000,000,000 | ---D | M] -- C:\cygwin
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.03.13 13:58:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.03.14 18:43:38 | 000,000,000 | ---D | M] -- C:\Intel
[2010.07.20 21:43:33 | 000,000,000 | ---D | M] -- C:\Medion
[2010.04.14 12:55:04 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.05.14 11:12:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.05.04 16:47:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.03.13 13:58:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.13 13:58:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.05.14 11:18:57 | 000,000,000 | R--D | M] -- C:\Sandbox
[2012.07.11 11:35:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.26 01:56:23 | 000,000,000 | ---D | M] -- C:\Temp
[2010.09.23 14:58:20 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.05 09:41:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010.11.15 14:27:30 | 000,000,218 | ---- | M] () -- C:\Users\SeS\.recently-used.xbel
[2012.07.08 13:39:33 | 000,000,000 | ---- | M] () -- C:\Users\SeS\defogger_reenable
[2012.07.11 11:35:47 | 004,456,448 | -HS- | M] () -- C:\Users\SeS\ntuser.dat
[2012.07.11 11:35:47 | 000,262,144 | -HS- | M] () -- C:\Users\SeS\ntuser.dat.LOG1
[2010.03.13 13:58:34 | 000,000,000 | -HS- | M] () -- C:\Users\SeS\ntuser.dat.LOG2
[2010.03.14 19:32:01 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TM.blf
[2010.03.14 19:32:01 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TMContainer00000000000000000001.regtrans-ms
[2010.03.14 19:32:01 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{0a1b9c9d-2f8d-11df-a4bd-001b77e0f600}.TMContainer00000000000000000002.regtrans-ms
[2010.03.13 14:28:53 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.03.13 14:28:53 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.03.13 14:28:53 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.03.09 15:39:51 | 000,065,536 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TM.blf
[2012.03.09 15:39:51 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TMContainer00000000000000000001.regtrans-ms
[2012.03.09 15:39:51 | 000,524,288 | -HS- | M] () -- C:\Users\SeS\ntuser.dat{fedaf3aa-69eb-11e1-9ab4-0016d3869678}.TMContainer00000000000000000002.regtrans-ms
[2010.03.13 13:58:34 | 000,000,020 | -HS- | M] () -- C:\Users\SeS\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:7311BB85

< End of report >

Gmer.log
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-08 17:19:08
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-22RST0 rev.04.01G04
Running: hrid37ww.exe; Driver: C:\Users\SeS\AppData\Local\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwAddBootEntry [0x89298536]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ZwAllocateVirtualMemory [0x8EC997BA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwAssignProcessToJobObject [0x89298F52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateEvent [0x892A3D7A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateEventPair [0x892A3DC6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateIoCompletion [0x892A3F48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateMutant [0x892A3CE8]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ZwCreateSection [0x8EC99BAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateSemaphore [0x892A3D30]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateThread [0x89299146]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateThreadEx [0x892992CE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwCreateTimer [0x892A3F02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwDebugActiveProcess [0x892998CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwDeleteBootEntry [0x89298584]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ZwFreeVirtualMemory [0x8EC9989E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwLoadDriver [0x892981EC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwModifyBootEntry [0x892985D2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwNotifyChangeKey [0x8929D2A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwNotifyChangeMultipleKeys [0x8929A292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwOpenEvent [0x892A3DA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwOpenEventPair [0x892A3DE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwOpenIoCompletion [0x892A3F6C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwOpenMutant [0x892A3D0E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwOpenSection [0x892A3E8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwOpenSemaphore [0x892A3D58]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwOpenTimer [0x892A3F26]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ZwProtectVirtualMemory [0x8EC99A1E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwQueryObject [0x8929A15E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwQueueApcThreadEx [0x89299E9A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSetBootEntryOrder [0x89298620]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSetBootOptions [0x8929866E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSetContextThread [0x8929974A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSetSystemInformation [0x89298276]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSetSystemPowerState [0x89298426]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwShutdownSystem [0x892983CC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSuspendProcess [0x89299A2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSuspendThread [0x89299B88]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwSystemDebugControl [0x89298496]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ZwTerminateProcess [0x8EC99AE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwTerminateThread [0x892995CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)              ZwVdmControl [0x892986BC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ZwWriteVirtualMemory [0x8EC99954]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ZwCreateProcessEx [0x8ECB1744]
Code            99B50BFC                                                                                            ZwTraceEvent
Code            99B50BFB                                                                                            NtTraceEvent
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)              ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                            82E503C9 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                              82E89D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                82E90D80 4 Bytes  [36, 85, 29, 89]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                82E90DA8 4 Bytes  [BA, 97, C9, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                82E90E08 4 Bytes  [52, 8F, 29, 89]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                82E90E5C 8 Bytes  [7A, 3D, 2A, 89, C6, 3D, 2A, ...] {JP 0x3f; SUB CL, [ECX-0x76d5c23a]}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                82E90E68 4 Bytes  [48, 3F, 2A, 89]
.text          ...                                                                                               
.text          ntkrnlpa.exe!NtTraceEvent                                                                          82ED963A 5 Bytes  JMP 99B50C00
PAGE            ntkrnlpa.exe!ObMakeTemporaryObject                                                                  8301DC64 5 Bytes  JMP 8ECAE61C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ObInsertObject + 27                                                                    83036290 5 Bytes  JMP 8ECB0116 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                        8304B3D7 4 Bytes  CALL 8929A959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestWaitReplyPort + 2                                                            83050A45 5 Bytes  JMP 99B50D40
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2                                                          830650C0 5 Bytes  JMP 99B50DE0
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                        830651E0 4 Bytes  CALL 8929A96F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntkrnlpa.exe!NtRequestPort + 2                                                                      83093687 5 Bytes  JMP 99B50CA0
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                      830EF11A 7 Bytes  JMP 8ECB1748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\Explorer.EXE[344] kernel32.dll!GetBinaryTypeW + 70                                      762D69F4 1 Byte  [62]
.text          C:\Windows\system32\csrss.exe[452] kernel32.dll!GetBinaryTypeW + 70                                762D69F4 1 Byte  [62]
.text          C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text          C:\Windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70                                762D69F4 1 Byte  [62]
.text          C:\Windows\system32\services.exe[552] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text          ...                                                                                               
.text          C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1416] kernel32.dll!SetUnhandledExceptionFilter  762BF4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text          C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1416] kernel32.dll!GetBinaryTypeW + 70          762D69F4 1 Byte  [62]
.text          C:\Windows\System32\spoolsv.exe[1516] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text          C:\Program Files\Bonjour\mDNSResponder.exe[1648] kernel32.dll!GetBinaryTypeW + 70                  762D69F4 1 Byte  [62]
.text          C:\Windows\system32\svchost.exe[1712] kernel32.dll!GetBinaryTypeW + 70                              762D69F4 1 Byte  [62]
.text          ...                                                                                               

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                              aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                            Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000050                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                            aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


markusg 11.07.2012 21:30

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
just restart the computer. That should fix the problem.

nirvfreak 14.07.2012 13:54

So here is my log file from combofix.

Code:

ComboFix 12-07-13.03 - SeS 14.07.2012  13:54:40.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2038.1104 [GMT 2:00]
ausgeführt von:: f:\desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\app
c:\programdata\app\Textaizer Pro\Projects\Default.mpr
c:\programdata\app\Textaizer Pro\Projects\Lene.mpr
c:\programdata\app\Textaizer Pro\Sources\Balloons.png
c:\programdata\app\Textaizer Pro\Sources\Beatles.txt
c:\programdata\app\Textaizer Pro\Sources\CiegaSordomuda.txt
c:\programdata\app\Textaizer Pro\Sources\Congrats.txt
c:\programdata\app\Textaizer Pro\Sources\Greetings.txt
c:\programdata\app\Textaizer Pro\Sources\Heer Bommel.jpg
c:\programdata\app\Textaizer Pro\Sources\Lene Marlin.jpg
c:\programdata\app\Textaizer Pro\Sources\Shakespeare.txt
c:\programdata\app\Textaizer Pro\Sources\Shakira.jpg
c:\programdata\app\Textaizer Pro\Sources\Stones.txt
c:\programdata\app\Textaizer Pro\Sources\Tin Tin.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Burlap.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Canvas.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Concrete.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Cork.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Gaze.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Jeans.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Lightwood.jpg
c:\programdata\app\Textaizer Pro\Textures\t_Sandstone.jpg
c:\programdata\gema
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Magic Speed.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Reach-a-Mail.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Empfohlene Software\Smart PC.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Hilfe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery entfernen.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery im Internet.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Smart Flash Recovery\Smart Flash Recovery.lnk
c:\programdata\xml3A21.tmp
c:\programdata\xml541F.tmp
c:\programdata\xml5604.tmp
c:\programdata\xml56B0.tmp
c:\programdata\xmlADFE.tmp
c:\programdata\xmlB493.tmp
c:\programdata\xmlB494.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-14 bis 2012-07-14  ))))))))))))))))))))))))))))))
.
.
2012-07-14 12:06 . 2012-07-14 12:06        --------        d-----w-        c:\users\Mcx1-BOOOOM\AppData\Local\temp
2012-07-14 12:06 . 2012-07-14 12:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-13 07:19 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6907A30A-D1EA-47F7-9561-FB1E3812474E}\mpengine.dll
2012-07-11 20:22 . 2012-06-12 02:40        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 19:01 . 2012-06-02 04:45        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 19:01 . 2012-06-02 04:40        369336        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-07-11 19:01 . 2012-06-02 04:39        219136        ----a-w-        c:\windows\system32\ncrypt.dll
2012-07-11 19:01 . 2012-06-02 04:40        225280        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 19:01 . 2012-06-02 04:45        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 19:01 . 2012-06-06 05:05        1390080        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 19:01 . 2012-06-06 05:05        1236992        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 19:01 . 2010-06-26 03:24        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2012-07-11 19:00 . 2012-06-06 05:05        1019904        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 19:00 . 2012-06-06 05:03        805376        ----a-w-        c:\windows\system32\cdosys.dll
2012-07-11 19:00 . 2012-06-06 05:05        352256        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 19:00 . 2012-06-06 05:05        57344        ----a-w-        c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 19:00 . 2012-06-06 05:05        212992        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 19:00 . 2012-06-06 05:05        143360        ----a-w-        c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 19:00 . 2012-06-06 05:05        372736        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll
2012-07-04 10:02 . 2012-07-04 10:02        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-04 10:02 . 2012-07-04 10:02        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-26 15:03 . 2012-06-26 15:03        --------        d-----w-        c:\users\SeS\AppData\Local\Macromedia
2012-06-23 06:14 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-23 06:14 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-23 06:14 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-23 06:14 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-23 06:14 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-23 06:14 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-23 06:14 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-23 06:14 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-23 06:14 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 15:36 . 2012-04-11 13:09        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-12 15:36 . 2011-05-31 11:19        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 16:21 . 2010-03-14 17:39        54232        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-04-03 14:50        44784        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-04-15 23:48        721000        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-03-14 17:39        353688        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-03-14 17:39        21256        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-03-14 17:39        57656        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-07-01 07:13        41224        ----a-w-        c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-03-14 17:38        227648        ----a-w-        c:\windows\system32\aswBoot.exe
2012-05-01 04:44 . 2012-06-13 05:39        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 05:39        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-13 05:39        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-13 05:39        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-13 05:39        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36 . 2012-06-13 05:39        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 05:39        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 05:39        103936        ----a-w-        c:\windows\system32\cryptnet.dll
2012-07-04 10:02 . 2011-05-23 20:29        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21        121528        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon1]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2011-05-26 14:07        559104        ----a-w-        c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon2]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2011-05-26 14:07        559104        ----a-w-        c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon3]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2011-05-26 14:07        559104        ----a-w-        c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0WualaOverlayIcon4]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2011-05-26 14:07        559104        ----a-w-        c:\program files\Wuala OverlayIcons\OverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1EldosIconOverlay]
@="{F355C53D-68AA-437A-9E32-E7EBE595795B}"
[HKEY_CLASSES_ROOT\CLSID\{F355C53D-68AA-437A-9E32-E7EBE595795B}]
2011-11-04 19:33        158224        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 17:12        86280        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-11-04 19:33        158224        ----a-w-        c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-04-10 452880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-07-28 9398888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-07-12 1764352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\SeS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Contents of the "Scheduled Tasks" folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:36]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\SeS\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\SeS\AppData\Roaming\Mozilla\Firefox\Profiles\udnyqyfl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
.
- - - - Orphaned registry entries removed - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-14  14:09:10
ComboFix-quarantined-files.txt  2012-07-14 12:09
.
Pre-Run: 928,653,312 bytes free
Post-Run: 731,164,672 bytes free
.
- - End Of File - - 1EB3D5328BBF6AAA93BAA34347CCF9BA


markusg 15.07.2012 18:52

Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can also find the report later under "Logs".

nirvfreak 16.07.2012 23:16

So, here is the Malwarebytes log.
The only thing it found as a virus was the DecryptHelper, which I downloaded here a while ago for a colleague :confused:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
SeS :: BOOOOM [Administrator]

16.07.2012 14:37:19
mbam-log-2012-07-16 (14-37-19).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 497764
Time elapsed: 2 hour(s), 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
F:\Downloads\DecryptHelper-0.5.3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)


markusg 17.07.2012 17:53

A false positive.

Download CCleaner standard:
CCleaner Download - CCleaner 3.20.1750
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
Behind every program you need, write "needed".
Behind every one you don't need, "unneeded".
Behind those unknown to you, "unknown".
Post the list.

nirvfreak 17.07.2012 20:30

Code:

Adobe Creative Suite 3 Design Premium add or remove        Adobe Systems Incorporated        04.04.2010        1,14GB        1.0  -->needed
Adobe Digital Editions                12.04.2010                -->needed
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        12.07.2012        6,00MB        11.3.300.265 -->needed
Adobe Flash Player 9 ActiveX        Adobe Systems, Inc.        04.04.2010        2,65MB        9.0.45.0        -->needed
Adobe Reader 9.5.1 - German        Adobe Systems Incorporated        28.04.2012        118MB        9.5.1        -->needed
AppInventor Setup        Google Inc.        04.11.2011                1.1                -->needed
AuthenTec TrueSuite        AuthenTec, Inc.        05.04.2010        6,54MB        2.0.0.57                -->unknown
avast! Free Antivirus        AVAST Software        05.07.2012                7.0.1456.0                -->needed
BlueJ 2.5.3        Deakin University        30.05.2010                        -->needed
Boost C++ Libraries 1.44                22.10.2010                        -->needed
CCleaner        Piriform        22.06.2012                3.20                -->needed
DartPro 2.9.0.0        RuSyS        26.08.2011                                        -->unneeded
Dia (remove only)                14.04.2010                                        -->needed
Diablo II                31.08.2011                                                        -->needed
DivX-Setup        DivX, Inc.        22.11.2010                2.1.2.2                -->needed
DVD Flick 1.3.0.7        Dennis Meuwissen        11.10.2010                1.3.0.7                -->unknown
EAGLE 5.8.0        CadSoft Computer GmbH        14.04.2010                5.8.0                -->needed
Free YouTube to MP3 Converter version 3.10.8.815        DVDVideoSoft Ltd.        08.09.2011        45,3MB                -->needed
Ghost Recon                21.05.2010                                -->needed
GNUARM 4.1.1        GNU        02.05.2010                4.1.1                -->needed
HP Customer Participation Program 13.0        HP        09.07.2010                13.0                -->needed
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3        HP        09.07.2010                13.0                -->needed
HP Imaging Device Functions 13.0        HP        09.07.2010                13.0                -->needed
HP Photosmart Essential 3.5        HP        09.07.2010                3.5                -->needed
HP Smart Web Printing 4.51        HP        09.07.2010                4.51        -->needed
HP Solution Center 13.0        HP        09.07.2010                13.0                -->needed
HP Update        Hewlett-Packard        09.03.2012        3,98MB        5.003.001.001                -->needed
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        14.08.2010        54,2MB        8.15.10.1930                -->needed
Internet TV for Windows Media Center        Microsoft Corporation        27.09.2010        13,6MB        4.2.2.0                                -->unknown
Java DB 10.5.3.0        Sun Microsystems, Inc        28.03.2010        28,4MB        10.5.3.0                -->needed
Java(TM) 6 Update 29        Sun Microsystems, Inc.        28.03.2010        97,1MB        6.0.290                -->needed
Java(TM) SE Development Kit 6 Update 18        Sun Microsystems, Inc.        28.03.2010        150MB        1.6.0.180                -->needed
KeePass Password Safe 2.16        Dominik Reichl        11.08.2011        5,35MB                        -->needed
Launch Manager V1.4.8        Wistron Corp.        14.03.2010                1.4.8                -->needed
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        16.07.2012        18,7MB        1.62.0.1300                -->needed
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        27.06.2010        38,8MB        4.0.30319                -->needed
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        27.06.2010        2,93MB        4.0.30319                -->needed
Microsoft .NET Framework 4 Extended        Microsoft Corporation        22.10.2010        51,9MB        4.0.30319                -->needed
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        22.10.2010        10,6MB        4.0.30319  -->needed
Microsoft .NET Framework 4 Multi-Targeting Pack        Microsoft Corporation        22.10.2010        83,4MB        4.0.30319  -->needed
Microsoft Help Viewer 1.0        Microsoft Corporation        22.10.2010        3,97MB        1.0.30319  -->unknown
Microsoft Help Viewer 1.0 Language Pack - DEU        Microsoft Corporation        22.10.2010        1,95MB        1.0.30319  -->unknown
Microsoft Office Visio Professional 2007        Microsoft Corporation        08.02.2012                12.0.6612.1000                -->needed
Microsoft Silverlight        Microsoft Corporation        12.05.2012        60,4MB        4.1.10329.0                -->needed
Microsoft Small Basic v0.95        Microsoft Corporation        29.05.2011        7,35MB        0.9.5.0                -->needed
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        27.09.2010        1,72MB        3.1.0000                -->needed
Microsoft SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        22.10.2010        3,69MB        3.5.8080.0                -->needed
Microsoft Visual C++ 2005 Express Edition - DEU        Microsoft Corporation        22.10.2010                        -->needed
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        300KB        8.0.61001                -->needed
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        19.04.2011        598KB        9.0.30729.5570        -->needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        14.03.2010        596KB        9.0.30729.4148                -->needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974        Microsoft Corporation        22.10.2010        599KB        9.0.30729.4974                -->needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        16.06.2011        600KB        9.0.30729.6161                -->needed
Microsoft Visual C++ 2010 Express - DEU        Microsoft Corporation        22.10.2010                10.0.30319                -->needed
Mozilla Firefox 13.0.1 (x86 de)        Mozilla        04.07.2012        36,8MB        13.0.1                -->needed
Mozilla Maintenance Service        Mozilla        04.07.2012        309KB        13.0.1  -->unknown
Mozilla Thunderbird (3.1.11)        Mozilla        10.07.2011                3.1.11 (de)                -->needed
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        10.07.2010        1,27MB        4.20.9870.0  -->unknown
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        12.07.2010        1,33MB        4.20.9876.0  -->unknown
NetBeans IDE 6.8        NetBeans.org        28.03.2010                6.8                -->needed
Notepad App        Sun Microsystems, Inc.        04.11.2011                                -->unknown
Notepad++                28.06.2010                5.6.8                                -->needed
OpenOffice.org 3.2        OpenOffice.org        12.04.2010        355MB        3.2.9483                -->needed
PC Inspector smart recovery                16.02.2011                4.50                -->unknown
PDF-Viewer        Tracker Software Products Ltd        29.04.2010        30,4MB        2.0.50.0  -->unknown
PDFCreator        Frank Heindörfer, Philip Chinery        31.05.2010                1.0.0                -->needed
PicaJet Photo Recovery 1.0.1 Beta        PicaJet.Com        17.02.2011                1.0.1 Beta                -->needed
Picasa 3        Google, Inc.        12.08.2011                3.8                -->needed
PlayReady PC Runtime x86        Microsoft Corporation        19.07.2010        1,65MB        1.3.0                -->unknown
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        15.08.2010                6.0.1.6167                -->needed
Recover My Files        GetData Pty Ltd        17.02.2011        14,6MB        4.6.8.1012                -->needed
Recuva        Piriform        17.02.2011                1.39                -->needed
Sandboxie 3.68 (32-bit)        SANDBOXIE L.T.D        14.05.2012                3.68                -->needed
Shop for HP Supplies        HP        09.07.2010                13.0                -->unneeded
SiSoftware Sandra Lite 2010.SP2        SiSoftware        15.08.2010        67,4MB        16.52.2010.7                -->needed
Skype™ 5.9        Skype Technologies S.A.        18.06.2012        19,2MB        5.9.123                -->needed
Smart Flash Recovery v4.4        Smart PC Solutions        17.02.2011                4.4                -->needed
SopCast 3.4.0        www.sopcast.com        18.09.2011                3.4.0                -->needed
Spybot - Search & Destroy        Safer Networking Limited        09.03.2012                1.6.2                -->needed
Stellar Phoenix Photo Recovery v3.5        Stellar Information Systems Ltd        17.02.2011        9,60MB                        -->needed
Synaptics Pointing Device Driver        Synaptics        14.03.2010                10.0.14.0                -->unknown
Textaizer Pro v4.0        APP Helmond        22.08.2011        5,45MB        -->unknown
TinyCAD 2.60.01        TinyCAD        14.04.2010                2.60.01                -->needed
TmNationsForever        Nadeo        28.07.2011                -->needed
TortoiseSVN 1.6.7.18415 (32 bit)        TortoiseSVN        19.04.2010        18,3MB        1.6.18415                -->needed
Veetle TV        Veetle, Inc        30.04.2012                0.9.19                -->needed
VLC media player 1.1.5        VideoLAN        03.01.2011                1.1.5                -->needed
Windows Live Sign-in Assistant        Microsoft Corporation        27.09.2010        1,93MB        5.000.818.5                -->unknown
Windows Live Essentials        Microsoft Corporation        27.09.2010                14.0.8117.0416                -->unknown
Windows Live Sync        Microsoft Corporation        27.09.2010        2,79MB        14.0.8117.416                -->unknown
Windows Live Upload Tool        Microsoft Corporation        27.09.2010        224KB        14.0.8014.1029        -->unknown
Windows Media Player Firefox Plugin        Microsoft Corp        05.04.2010        296KB        1.0.0.8                -->unknown
WinRAR                21.03.2010                                -->needed
Wuala        LaCie        31.08.2011                1.0.367.0                -->needed
Wuala CBFS        LaCie        12.11.2011                3.2.101.0                -->needed
Wuala OverlayIcons        LaCie        31.08.2011                1.0.0.1                -->needed
XBCD 1.07        Redcl0ud        29.05.2010                1.07                -->needed
ZDFmediathek Version 2.1.6        ZDF        11.01.2012                -->needed

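The list above is what the helper's "export, annotate, post" step produces, and the reason he then says "uninstall all" for Flash and Java is visible in it: two Flash builds (9 ActiveX and 11 Plugin) and two Java 6 builds (Update 18 JDK and Update 29 JRE) sit side by side, and a drive-by page can still load the old one. As an added example that is not part of this thread, the script below parses such a CCleaner export (tab-separated: name, publisher, install date, size, version, plus the trailing hand annotation) and groups browser-exposed products into families so that stacked builds stand out. The family patterns, the annotation suffix format and the sample rows are my own assumptions modelled on the posted list, not a CCleaner feature.

```python
"""Audit a CCleaner "installed programs" export for stacked plugin builds.

Added example, not from the thread. Columns are tab-separated in the real
export; a forum post turns the tabs into runs of spaces, so both are accepted.
Family patterns and the "--> needed/unneeded/unknown" suffix are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

COLUMN_SEP = re.compile(r"\t|\s{2,}")                  # tab, or 2+ spaces from a forum paste
ANNOTATION = re.compile(r"\s*-{1,2}>?\s*(\w+)\s*$")   # trailing "--> needed" / "-- unneeded"
DATE_RE = re.compile(r"^\d{2}\.\d{2}\.\d{4}$")         # 28.04.2012
SIZE_RE = re.compile(r"^[\d,.]+\s?(KB|MB|GB)$")        # 6,00MB
VERSION_RE = re.compile(r"^\d+(\.\d+)+$")              # 11.3.300.265

# Assumed product families worth tracking: components a web page can reach.
FAMILIES = {
    "Adobe Flash Player": re.compile(r"^Adobe Flash Player\b"),
    "Java": re.compile(r"^Java\(TM\)"),
    "Adobe Reader": re.compile(r"^Adobe Reader\b"),
    "Microsoft Silverlight": re.compile(r"^Microsoft Silverlight\b"),
}


@dataclass
class Entry:
    name: str
    publisher: str
    version: str
    annotation: str
    family: str  # "" when the entry is not in a tracked family


def looks_like_data(field: str) -> bool:
    """Date, size and version columns are recognisable by shape; any other
    text in the second column is the publisher."""
    return bool(DATE_RE.match(field) or SIZE_RE.match(field) or VERSION_RE.match(field))


def parse_line(line: str) -> Optional[Entry]:
    line = line.rstrip()
    if not line:
        return None
    annotation = ""
    m = ANNOTATION.search(line)
    if m:
        annotation, line = m.group(1), line[: m.start()]
    cols = [c.strip() for c in COLUMN_SEP.split(line) if c.strip()]
    if not cols:
        return None
    name = cols[0]
    publisher = cols[1] if len(cols) > 1 and not looks_like_data(cols[1]) else ""
    # The first dotted number that is not the install date is the version column.
    version = next((c for c in cols[1:] if VERSION_RE.match(c) and not DATE_RE.match(c)), "")
    family = next((f for f, rx in FAMILIES.items() if rx.search(name)), "")
    return Entry(name, publisher, version, annotation, family)


def audit(lines) -> Dict[str, List[Entry]]:
    """Group the tracked-family entries of an export by family."""
    by_family: Dict[str, List[Entry]] = defaultdict(list)
    for line in lines:
        entry = parse_line(line)
        if entry and entry.family:
            by_family[entry.family].append(entry)
    return dict(by_family)


def stacked_versions(by_family: Dict[str, List[Entry]]) -> Dict[str, List[str]]:
    """Families with more than one installed build: the usual sign of an old
    plugin that an upgrade left behind and that a page can still instantiate."""
    return {f: [e.version for e in es] for f, es in by_family.items() if len(es) > 1}


# Constructed sample rows, copied from the list posted above with tabs restored.
SAMPLE_EXPORT = (
    "Adobe Flash Player 11 Plugin\tAdobe Systems Incorporated\t12.07.2012\t6,00MB\t11.3.300.265\t--> needed\n"
    "Adobe Flash Player 9 ActiveX\tAdobe Systems, Inc.\t04.04.2010\t2,65MB\t9.0.45.0\t--> needed\n"
    "Adobe Reader 9.5.1 - German\tAdobe Systems Incorporated\t28.04.2012\t118MB\t9.5.1\t--> needed\n"
    "DartPro 2.9.0.0\tRuSyS\t26.08.2011\t-- unneeded\n"
    "Dia (remove only)\t14.04.2010\t--> needed\n"
    "Java(TM) 6 Update 29\tSun Microsystems, Inc.\t28.03.2010\t97,1MB\t6.0.290\t--> needed\n"
    "Java(TM) SE Development Kit 6 Update 18\tSun Microsystems, Inc.\t28.03.2010\t150MB\t1.6.0.180\t--> needed\n"
    "Microsoft Silverlight\tMicrosoft Corporation\t12.05.2012\t60,4MB\t4.1.10329.0\t--> needed\n"
)

if __name__ == "__main__":
    families = audit(SAMPLE_EXPORT.splitlines())
    for family, versions in stacked_versions(families).items():
        print(f"{family}: {len(versions)} builds installed side by side: {', '.join(versions)}")
```

Run against the sample it reports Flash (11.3.300.265 next to 9.0.45.0) and Java (6.0.290 next to 1.6.0.180); point it at a real export with `audit(open("installed.txt", encoding="utf-8"))`. The check deliberately does not compare against "latest known" version numbers, which go stale; the side-by-side condition is what makes an upgrade ineffective regardless of which version is current.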

markusg 19.07.2012 21:42

Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the latest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since that is the only way to keep control of what is going on on the PC.
Under JavaScript, untick "Enable Acrobat JavaScript".
Under Updater, select "Automatically install updates".
Apply / OK.

Uninstall:
DartPro
DVD Flick
Internet TV
Java: all of them
Download free Java software
Download and install the Java JRE.
Uninstall:
PC Inspector
PDF-Viewer
Spybot: better to do without it and keep Malwarebytes.
Windows Live: all those you don't need.

Open CCleaner, Analyze, Run Cleaner.
Open OTL, Cleanup, the PC restarts, test how it runs.

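The Adobe Reader steps above are GUI clicks, which is fine for one machine but hard to verify later. As an added example that is not part of this thread, the script below maps the two of those preferences whose registry locations I am confident of, "Enable Acrobat JavaScript" and "Display PDF in browser" (the Internet section), to their per-user registry values so they can be audited or enforced, and treats a missing value as Reader's built-in default, which for both is the weak setting. The key names are from my own notes on Reader 9.x and are assumptions to verify against Adobe's preference reference; the certified-plug-in, background-download and updater options are deliberately not encoded here.

```python
"""Audit (and on Windows, apply) two Adobe Reader 9 preferences via the registry.

Added example, not from the thread. Registry paths below are assumptions for
Reader 9.x under HKEY_CURRENT_USER; verify them before relying on them.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

READER_BASE = r"Software\Adobe\Acrobat Reader\9.0"   # assumed per-user preference root


@dataclass(frozen=True)
class Setting:
    subkey: str        # registry subkey below HKEY_CURRENT_USER
    value_name: str    # DWORD value name
    hardened: int      # value corresponding to the recommendation above
    default: int       # what Reader assumes when the value is absent
    description: str


# Assumed mapping of the GUI preferences to registry values (see lead-in).
HARDENING = (
    Setting(READER_BASE + r"\JSPrefs", "bEnableJS", 0, 1,
            "Enable Acrobat JavaScript (Preferences > JavaScript)"),
    Setting(READER_BASE + r"\Originals", "bBrowserIntegration", 0, 1,
            "Display PDF in browser (Preferences > Internet)"),
)

Current = Dict[Tuple[str, str], Optional[int]]   # (subkey, value name) -> value or None if absent


@dataclass
class Finding:
    setting: Setting
    current: Optional[int]   # None = value not present in the registry
    compliant: bool


def evaluate(current: Current) -> List[Finding]:
    """Compare observed values with the hardened ones. An absent value is
    reported as non-compliant because Reader then falls back to its default."""
    findings = []
    for s in HARDENING:
        observed = current.get((s.subkey, s.value_name))
        effective = s.default if observed is None else observed
        findings.append(Finding(s, observed, effective == s.hardened))
    return findings


def read_current() -> Current:
    """Read the values from HKCU on Windows; on other platforms report them
    as absent so the audit logic can still be exercised."""
    try:
        import winreg
    except ImportError:
        return {(s.subkey, s.value_name): None for s in HARDENING}
    result: Current = {}
    for s in HARDENING:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, s.subkey) as key:
                value, kind = winreg.QueryValueEx(key, s.value_name)
                result[(s.subkey, s.value_name)] = int(value) if kind == winreg.REG_DWORD else None
        except OSError:   # key or value missing
            result[(s.subkey, s.value_name)] = None
    return result


def apply_hardening() -> None:
    """Write the hardened values (Windows only). Close Reader first so it does
    not write its in-memory preferences back over them on exit."""
    import winreg
    for s in HARDENING:
        with winreg.CreateKey(winreg.HKEY_CURRENT_USER, s.subkey) as key:
            winreg.SetValueEx(key, s.value_name, 0, winreg.REG_DWORD, s.hardened)


if __name__ == "__main__":
    for f in evaluate(read_current()):
        state = "OK  " if f.compliant else "WEAK"
        shown = "absent" if f.current is None else str(f.current)
        print(f"{state} {f.setting.description}: current={shown}, want={f.setting.hardened}")
```

`evaluate()` is pure, so the same logic can be fed values collected by other means (an exported .reg file, a remote registry read) without touching the machine; `apply_hardening()` only sets the per-user values, so a user can switch them back in the GUI, which is the trade-off of not using the HKLM policy keys.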

All times are GMT +1.

Copyright ©2000-2024, Trojaner-Board