Hi,
I have now reinstalled the system, then secured it exactly according to the guide, reinstalled all programs, and then loaded my files from the external drives back onto the PC.
I also re-uploaded the homepage, because frames had been embedded in it that redirected to .ru sites containing malware.
So far everything went well, and I was already pleased that the system was now running malware-free and well secured.
However, yesterday I ran a scan with avast and it found 3 threats.
A further boot-time scan produced one more detection.
Unfortunately I have no logs for this. However, I took screenshots of the detections. They are attached.
I have now also scanned once more with OTL. Here is the log file:
OTL Logfile:
OTL logfile created on: 26.07.2012 12:19:09 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\pj_2\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
1011,87 Mb Total Physical Memory | 235,80 Mb Available Physical Memory | 23,30% Memory free
1,99 Gb Paging File | 0,94 Gb Available in Paging File | 47,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 211,78 Gb Total Space | 141,74 Gb Free Space | 66,93% Space Free | Partition Type: NTFS
Drive D: | 16,94 Gb Total Space | 1,80 Gb Free Space | 10,63% Space Free | Partition Type: NTFS
Drive E: | 3,96 Gb Total Space | 1,10 Gb Free Space | 27,83% Space Free | Partition Type: FAT32
Computer Name: HPMINI | User Name: pj | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\pj_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Sandboxie\SandboxieCrypto.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SandboxieRpcSs.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SandboxieDcomLaunch.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
PRC - C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
PRC - C:\Programme\Panda USB Vaccine\USBVaccine.exe (Panda Security)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\libglesv2.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\libegl.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Programme\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Programme\Notepad++\NppShell_05.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.Entity.resources\3.5.0.0_de_b77a5c561934e089\System.Data.Entity.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
========== Win32 Services (SafeList) ==========
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (HPDrvMntSvc.exe) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (HPAuto) -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV - (hpCMSrv) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (GamesAppService) -- C:\Programme\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (RTL8192Ce) -- C:\Windows\System32\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/36
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/36
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{59FC32B2-D70A-497B-856D-D9ECEED28DF6}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/36
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/36
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{59FC32B2-D70A-497B-856D-D9ECEED28DF6}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://ch.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.24 00:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\pj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\pj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\pj\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Mail = C:\Users\pj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Programme\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA2AEF9D-3046-49FC-A1BB-4C9FB84D5890}: DhcpNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.25 10:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.07.24 22:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.07.24 22:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012.07.24 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.24 21:15:12 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.07.24 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.07.24 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Notepad++
[2012.07.24 21:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012.07.24 21:14:24 | 000,000,000 | ---D | C] -- C:\Program Files\tidy
[2012.07.24 21:08:37 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KompoZer
[2012.07.24 21:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\KompoZer
[2012.07.24 20:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jAlbum
[2012.07.24 20:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\jAlbum
[2012.07.24 20:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.07.24 20:52:29 | 000,031,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2012.07.24 20:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012.07.24 20:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.07.24 20:46:10 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2012.07.24 20:45:51 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Microsoft Help
[2012.07.24 20:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.07.24 20:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.07.24 20:44:34 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.07.24 20:40:34 | 000,000,000 | ---D | C] -- C:\Kompozer-Install
[2012.07.24 20:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.24 20:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.07.24 20:34:15 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.07.24 20:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.24 20:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2012.07.24 20:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2012.07.24 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\WinRAR
[2012.07.24 20:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.24 20:25:01 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.24 20:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.07.24 19:49:38 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.24 19:49:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.24 19:49:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.24 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.07.24 19:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.07.24 19:20:59 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.24 19:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.24 19:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.24 19:14:08 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.24 11:28:17 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.07.24 11:27:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.07.24 11:26:06 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.07.24 11:17:26 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2012.07.24 11:17:26 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012.07.24 11:17:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2012.07.24 11:15:55 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.07.24 10:55:29 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Windows Live
[2012.07.24 10:47:33 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.24 10:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012.07.24 10:40:16 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Secunia PSI
[2012.07.24 10:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.07.24 10:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.07.24 10:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012.07.24 10:35:12 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2012.07.24 09:33:03 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.07.24 09:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.07.24 09:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.07.24 00:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.07.23 22:17:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.07.23 22:00:41 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012.07.23 22:00:40 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012.07.23 22:00:20 | 000,148,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012.07.23 22:00:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012.07.23 21:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.07.23 21:30:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.23 21:30:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.23 21:30:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.23 21:30:11 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.23 21:30:08 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.23 21:30:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.23 21:30:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.23 21:01:41 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.23 20:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.07.23 20:50:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.07.23 20:50:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.07.23 20:49:56 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.07.23 20:49:54 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012.07.23 20:49:54 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012.07.23 20:49:51 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.07.23 20:49:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.07.23 20:49:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.07.23 20:49:04 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012.07.23 20:49:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.23 20:48:59 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.23 20:48:50 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012.07.23 20:48:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012.07.23 20:48:48 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.07.23 20:48:45 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.07.23 20:48:45 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.07.23 20:48:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.07.23 20:48:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.07.23 20:48:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.07.23 20:48:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.07.23 20:48:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.07.23 20:48:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.07.23 20:48:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.07.23 20:48:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.07.23 20:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.07.23 20:48:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.07.23 20:48:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.07.23 20:48:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.07.23 20:48:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.07.23 20:48:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.07.23 20:48:41 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012.07.23 20:48:40 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2012.07.23 20:48:39 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.07.23 20:48:34 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012.07.23 20:48:28 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.23 20:48:15 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcjt32.dll
[2012.07.23 20:48:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbctrac.dll
[2012.07.23 20:48:15 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2012.07.23 20:48:15 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccu32.dll
[2012.07.23 20:48:15 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccr32.dll
[2012.07.23 20:48:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012.07.23 20:48:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.07.23 20:48:01 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.07.23 20:47:59 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012.07.23 20:47:53 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.07.23 20:47:52 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.07.23 20:47:51 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.07.23 20:47:51 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.07.23 20:47:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.07.23 20:47:51 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.07.23 20:47:46 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.07.23 20:47:44 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.07.23 20:47:43 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.07.23 20:47:43 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.07.23 20:47:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.07.23 20:47:36 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012.07.23 20:47:36 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012.07.23 20:46:40 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012.07.23 20:35:37 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Google
[2012.07.23 20:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.07.23 20:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.07.23 20:35:29 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.23 20:35:29 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.23 20:35:24 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.07.23 20:35:22 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.23 20:35:22 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.23 20:35:21 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.23 20:34:22 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.23 20:34:20 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012.07.23 20:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.07.23 20:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.07.23 20:22:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.07.23 20:20:38 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Macromedia
[2012.07.23 20:17:30 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.07.23 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Adobe
[2012.07.23 20:13:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.07.23 20:13:46 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.07.23 20:13:31 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.07.23 20:13:31 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.07.23 20:13:31 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.07.23 20:13:22 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.07.23 20:13:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.07.23 14:11:01 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Intel Corporation
[2012.07.23 14:10:59 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\hpqLog
[2012.07.23 14:10:40 | 000,000,000 | R--D | C] -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.07.23 14:10:40 | 000,000,000 | R--D | C] -- C:\Users\pj\Searches
[2012.07.23 14:10:40 | 000,000,000 | R--D | C] -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.07.23 14:10:33 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Identities
[2012.07.23 14:10:29 | 000,000,000 | R--D | C] -- C:\Users\pj\Contacts
[2012.07.23 14:09:47 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\RemEngine
[2012.07.23 14:06:16 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Roaming\Hewlett-Packard
[2012.07.23 14:06:09 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Hewlett-Packard
[2012.07.23 14:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media
[2012.07.23 14:05:48 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Hewlett-Packard_Company
[2012.07.23 14:03:29 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\VirtualStore
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Vorlagen
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\AppData\Local\Verlauf
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\AppData\Local\Temporary Internet Files
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Startmenü
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\SendTo
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Recent
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Netzwerkumgebung
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Lokale Einstellungen
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Documents\Eigene Videos
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Documents\Eigene Musik
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Eigene Dateien
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Documents\Eigene Bilder
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Druckumgebung
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Cookies
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\AppData\Local\Anwendungsdaten
[2012.07.23 14:03:25 | 000,000,000 | -HSD | C] -- C:\Users\pj\Anwendungsdaten
[2012.07.23 14:03:24 | 000,000,000 | R--D | C] -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.07.23 14:03:24 | 000,000,000 | R--D | C] -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.07.23 14:03:24 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Temp
[2012.07.23 14:03:24 | 000,000,000 | ---D | C] -- C:\Users\pj\AppData\Local\Microsoft
[2012.07.23 14:03:23 | 000,000,000 | --SD | C] -- C:\Users\pj\AppData\Roaming\Microsoft
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Videos
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Saved Games
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Pictures
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Music
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Links
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Favorites
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Downloads
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Documents
[2012.07.23 14:03:23 | 000,000,000 | R--D | C] -- C:\Users\pj\Desktop
[2012.07.23 14:03:23 | 000,000,000 | -H-D | C] -- C:\Users\pj\AppData
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.07.23 14:02:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.07.23 13:52:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2012.07.26 12:03:11 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.26 12:00:44 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 12:00:44 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 11:59:36 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.26 11:52:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 02:19:40 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 21:31:45 | 000,003,764 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.07.25 18:01:29 | 000,694,430 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012.07.25 18:01:29 | 000,689,108 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012.07.25 18:01:29 | 000,127,144 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012.07.25 18:01:28 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.25 18:01:28 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.25 18:01:28 | 000,130,140 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012.07.25 18:01:28 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.25 18:01:28 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 22:56:10 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.07.24 22:45:41 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 21:37:55 | 000,311,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.24 20:57:55 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\jAlbum.lnk
[2012.07.24 19:20:59 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.24 19:20:59 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.24 19:13:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.24 19:13:12 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.24 10:39:05 | 000,001,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.23 21:47:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.07.23 14:01:52 | 000,150,011 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.07.03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.07.03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.07.03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.07.03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.07.03 12:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012.07.03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.07.03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.07.03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
========== Files Created - No Company Name ==========
[2012.07.24 22:56:09 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.07.24 20:57:55 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\jAlbum.lnk
[2012.07.24 20:34:28 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.24 19:34:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.07.24 19:20:11 | 000,001,915 | ---- | C] () -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012.07.24 10:39:05 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.07.24 10:39:05 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.07.24 09:22:54 | 000,003,764 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.24 00:35:40 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.07.23 20:35:57 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.23 20:35:54 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.23 14:10:43 | 000,001,409 | ---- | C] () -- C:\Users\pj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.23 14:05:53 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2012.07.23 13:52:01 | 795,762,688 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.27 16:19:18 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.05.09 15:44:54 | 000,689,108 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2011.05.09 15:44:54 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2011.05.09 15:44:54 | 000,127,144 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2011.05.09 15:44:54 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2011.05.09 15:36:14 | 000,694,430 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2011.05.09 15:36:14 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2011.05.09 15:36:14 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2011.05.09 15:36:13 | 000,130,140 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2011.05.09 15:26:54 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.05.09 15:26:54 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.05.09 15:26:54 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.05.09 15:26:54 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.03.03 15:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
< End of report > --- --- ---
[/code]
The Extras file is also attached.
Could you please take a look at this? I'm afraid I still haven't gotten rid of the rootkit after all.
Thanks and regards
pj