Trojaner-Board - Trojaner/Rootkit Befall: 00000008.@ in C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner/Rootkit Befall: 00000008.@ in C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U (https://www.trojaner-board.de/120235-trojaner-rootkit-befall-00000008-c-windows-installer-d1e2a56f-b2e0-272b-03e2-f508e482a5a7-u.html)

Trojaner/Rootkit Befall: 00000008.@ in C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U

Hi,

ich hab mir das gleiche Ding wie Voigt in diesem Thread eingefangen.

Symptom war, eine xsecva.exe hat 100% CPU Auslastung erzeugt und Windows Explorer konnte nicht benutzt werden. Das randomartige Öffnen von neuen Tabs (wie Voigt in seinem Thema beschreibt) habe ich nicht.

Hab dann wie im anderem Thema auch schon erklärt, Malwarebytes Anti-Malware ausgeführt:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.23.11
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

nickv :: NICKV-LAPTOP [Administrator]
 

23.07.2012 22:18:53

mbam-log-2012-07-23 (22-18-53).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 210069

Laufzeit: 3 Minute(n), 51 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|XSECVA (Trojan.Agent) -> Daten: C:\Users\nickv\AppData\Roaming\xsecva\xsecva.exe -s -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 4

C:\Users\nickv\AppData\Roaming\xsecva\xsecva.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\nickv\AppData\Roaming\adcav.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\n (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Nach dem Reparieren bleibt auch bei mir nur der eine letzte Eintrag übrig:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.23.11
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

nickv :: NICKV-LAPTOP [Administrator]
 

23.07.2012 23:10:44

mbam-log-2012-07-23 (23-14-41).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 210271

Laufzeit: 1 Minute(n), 3 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
 

(Ende)

Hier noch OTL-Log:

Code:

OTL logfile created on: 23.07.2012 22:55:22 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\nickv\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,93 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 74,29% Memory free

7,87 Gb Paging File | 6,78 Gb Available in Paging File | 86,20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 60,03 Gb Total Space | 5,05 Gb Free Space | 8,41% Space Free | Partition Type: NTFS

Drive D: | 10,10 Gb Total Space | 5,66 Gb Free Space | 55,98% Space Free | Partition Type: NTFS

Drive E: | 36,25 Gb Total Space | 6,04 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Drive F: | 59,31 Gb Total Space | 13,58 Gb Free Space | 22,89% Space Free | Partition Type: NTFS

Drive G: | 20,62 Gb Total Space | 5,22 Gb Free Space | 25,30% Space Free | Partition Type: NTFS

 

Computer Name: NICKV-LAPTOP | User Name: nickv | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.23 22:52:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

PRC - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012.06.08 13:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011.08.16 14:25:24 | 000,102,400 | ---- | M] (Apache Software Foundation) -- C:\Programme\Tomcat 6.0\bin\Tomcat6w.exe

PRC - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.18 15:31:36 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll

MOD - [2012.06.18 15:30:04 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll

MOD - [2012.06.18 15:29:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll

MOD - [2012.06.18 15:24:52 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll

MOD - [2012.06.18 15:24:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll

MOD - [2012.06.18 15:24:36 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll

MOD - [2012.06.18 15:24:33 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll

MOD - [2012.06.18 15:24:25 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll

MOD - [2012.06.18 15:24:21 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll

MOD - [2012.06.18 15:24:21 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll

MOD - [2012.06.18 15:24:17 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll

MOD - [2012.06.18 15:24:13 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll

MOD - [2012.06.18 15:24:12 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll

MOD - [2012.06.18 15:24:05 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll

MOD - [2012.06.18 13:05:52 | 000,115,137 | ---- | M] () -- C:\Users\nickv\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

MOD - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010.11.21 05:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.09.23 07:40:59 | 000,116,224 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-x64-9.1)

SRV:64bit: - [2011.08.16 14:25:24 | 000,096,256 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\Tomcat 6.0\bin\Tomcat6.exe -- (Tomcat6)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011.09.13 11:37:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.01.01 01:45:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011.06.03 13:34:12 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.02.29 03:17:08 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2008.02.29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2008.02.29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2007.08.03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 4C 0F F1 C9 65 CC 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6923F499-1E7F-48FA-84C1-72F377D88F97}

IE - HKCU\..\SearchScopes\{6923F499-1E7F-48FA-84C1-72F377D88F97}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2008.01.01 01:45:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.01 14:29:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 22:24:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.07 20:02:33 | 000,000,000 | ---D | M]

 

[2011.08.28 20:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Extensions

[2008.01.01 01:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions

[2011.08.28 23:39:08 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.02.22 21:43:36 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\dictionary-switcher@design-noir.de

[2012.05.23 17:21:47 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\en-US@dictionaries.addons.mozilla.org

[2008.01.01 01:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\staged

[2012.03.08 11:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.03.01 01:40:30 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

[2011.08.28 21:07:58 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI

[2011.08.28 23:39:08 | 000,042,336 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI

[2012.06.04 00:49:43 | 000,009,936 | R--- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\HOMERJVODEXPANDER@FLYING-BITS.ORG.XPI

[2011.08.28 23:39:08 | 000,021,763 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\LOCATIONBAR2@DESIGN-NOIR.DE.XPI

[2008.01.01 01:45:14 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2008.01.01 01:45:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.21 11:35:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.05.03 09:09:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.05.03 09:09:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.05.03 09:09:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.05.03 09:09:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.05.03 09:09:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.05.03 09:09:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [adcav] rundll32.exe "C:\Users\nickv\AppData\Roaming\adcav.dll",BindContext File not found

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW File not found

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [ApacheTomcatMonitor6.0_Tomcat6] C:\Program Files\Tomcat 6.0\bin\Tomcat6w.exe (Apache Software Foundation)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978D8200-1B0A-4185-BA02-17ED700CB30F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE91FF03-6E73-494E-8690-D6396B06C8B7}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.02 12:13:32 | 000,000,033 | ---- | M] () - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.09.02 12:11:31 | 000,000,028 | ---- | M] () - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.02.06 23:31:28 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]

O32 - AutoRun File - [2008.05.06 11:30:00 | 000,000,025 | ---- | M] () - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2008.06.29 00:16:40 | 000,000,025 | ---- | M] () - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.08.13 14:34:41 | 000,000,000 | ---D | M] - G:\Autos -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.23 22:52:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

[2012.07.23 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\nickv\AppData\Roaming\Malwarebytes

[2012.07.23 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.23 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.23 22:17:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.23 22:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware

[2012.07.23 22:16:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\nickv\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.16 02:04:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.07.16 02:04:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.07.16 02:04:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.07.16 02:04:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.07.16 02:04:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.07.16 02:04:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.07.16 02:04:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.07.16 02:04:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.07.16 02:04:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.07.16 02:04:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.07.16 02:04:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.07.16 02:04:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.07.16 02:04:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.07.16 02:01:44 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012.07.16 02:01:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012.07.16 02:01:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012.07.16 02:01:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012.07.16 02:01:13 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012.07.10 03:48:11 | 000,000,000 | ---D | C] -- C:\Users\nickv\AppData\Local\Macromedia

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.23 22:52:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

[2012.07.23 22:36:55 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 22:36:55 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.23 22:33:24 | 001,498,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.23 22:33:24 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.23 22:33:24 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.23 22:33:24 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.23 22:33:24 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.23 22:27:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.23 22:27:26 | 3167,731,712 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.23 22:17:07 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.23 22:16:11 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\nickv\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.17 03:56:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.07.17 03:56:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.07.17 03:54:28 | 002,292,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.13 07:20:49 | 000,000,600 | ---- | M] () -- C:\Users\nickv\AppData\Roaming\winscp.rnd

[2012.07.12 22:03:29 | 001,040,515 | ---- | M] () -- C:\Users\nickv\Desktop\Entwicklung von mobilen Apps - Folien.pdf

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.28 17:38:22 | 003,067,569 | ---- | M] () -- C:\Users\nickv\.TransferManager.db

 
 ========== Files Created - No Company Name ==========

 

[2012.07.23 22:29:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000008.@

[2012.07.23 22:17:07 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.13 07:20:36 | 001,040,515 | ---- | C] () -- C:\Users\nickv\Desktop\Entwicklung von mobilen Apps - Folien.pdf

[2012.06.28 17:38:21 | 003,067,569 | ---- | C] () -- C:\Users\nickv\.TransferManager.db

[2012.03.13 12:39:20 | 000,002,083 | ---- | C] () -- C:\Users\nickv\mds-sign.keystore

[2012.03.13 12:33:52 | 000,002,280 | ---- | C] () -- C:\Users\nickv\mds.keystore

[2012.01.11 13:01:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\@

[2012.01.11 13:01:47 | 000,002,048 | -HS- | C] () -- C:\Users\nickv\AppData\Local\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\@

[2011.12.31 14:04:50 | 000,000,218 | ---- | C] () -- C:\Users\nickv\.recently-used.xbel

[2011.12.09 20:17:48 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2011.12.09 20:17:48 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2011.11.25 01:53:51 | 000,002,262 | ---- | C] () -- C:\Users\nickv\android-key.keystore

[2011.11.20 17:36:37 | 000,442,368 | R--- | C] () -- C:\Windows\SysWow64\zshp1018.exe

[2011.11.20 17:36:37 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1018.dll

[2011.09.26 01:51:04 | 000,009,768 | ---- | C] () -- C:\Users\nickv\_viminfo

[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.09.07 19:44:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.08.29 03:07:11 | 000,000,600 | ---- | C] () -- C:\Users\nickv\AppData\Local\PUTTY.RND

[2011.08.29 02:17:44 | 000,000,075 | ---- | C] () -- C:\Users\nickv\.gitconfig

[2011.08.29 00:59:26 | 000,117,348 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.08.28 22:31:34 | 000,000,115 | ---- | C] () -- C:\Users\nickv\kvirc4.ini

[2011.08.28 22:03:32 | 000,000,600 | ---- | C] () -- C:\Users\nickv\AppData\Roaming\winscp.rnd

[2011.06.03 13:32:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.06.03 13:32:42 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.06.03 13:32:42 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2008.01.01 00:30:01 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000032.@

[2008.01.01 00:30:01 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000064.@

[2008.01.01 00:30:01 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\L\00000004.@

[2008.01.01 00:29:52 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000004.@

[2008.01.01 00:29:50 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000000.@

[2008.01.01 00:29:46 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\000000cb.@

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
 

< End of report >

und OTL Extra:

Code:

OTL Extras logfile created on: 23.07.2012 22:55:22 - Run 1

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\nickv\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,93 Gb Total Physical Memory | 2,92 Gb Available Physical Memory | 74,29% Memory free

7,87 Gb Paging File | 6,78 Gb Available in Paging File | 86,20% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 60,03 Gb Total Space | 5,05 Gb Free Space | 8,41% Space Free | Partition Type: NTFS

Drive D: | 10,10 Gb Total Space | 5,66 Gb Free Space | 55,98% Space Free | Partition Type: NTFS

Drive E: | 36,25 Gb Total Space | 6,04 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Drive F: | 59,31 Gb Total Space | 13,58 Gb Free Space | 22,89% Space Free | Partition Type: NTFS

Drive G: | 20,62 Gb Total Space | 5,22 Gb Free Space | 25,30% Space Free | Partition Type: NTFS

 

Computer Name: NICKV-LAPTOP | User Name: nickv | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [git_shell] -- wscript "C:\Program Files (x86)\Git\Git Bash.vbs" "%1"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour

"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)

"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B0F1D023-EF17-43DF-A702-25E0FFFE4129}" = TortoiseGit 1.7.7.0 (64 bit)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D2D22BEE-B7F1-49D0-9ED6-86D0B2CEDFAD}" = TortoiseSVN 1.7.6.22632 (64 bit)

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Apache Tomcat 6.0 Tomcat6" = Apache Tomcat 6.0 Tomcat6 (remove only)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"PostgreSQL 9.1" = PostgreSQL 9.1 

"TeamSpeak 3 Client" = TeamSpeak 3 Client

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5259 Banner Remover 1.0

"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB21B808-F784-4883-A4D4-B1473384C1C6}" = LibreOffice 3.5

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials

"{CE522149-F0AE-453C-842B-640B9AE6E2CB}" = Araxis Merge

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3

"Android SDK Tools" = Android SDK Tools

"Dia" = Dia (nur entfernen)

"DivX Setup.divx.com" = DivX-Setup

"Foxit Reader" = Foxit Reader

"Git_is1" = Git version 1.7.6-preview20110708

"HP-LaserJet 1018" = LaserJet 1018

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"KVIrc" = KVIrc

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)

"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Notepad++" = Notepad++

"OpenVPN" = OpenVPN 2.2.1

"Opera 11.61.1250" = Opera 11.61

"PhotoFiltre" = PhotoFiltre

"S4Uninst" = Die Siedler IV

"StarCraft II" = StarCraft II

"VLC media player" = VLC media player 1.1.11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

"winscp3_is1" = WinSCP 4.3.4

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 31.12.2007 22:02:44 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.12.2007 22:02:45 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.12.2007 22:07:19 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.12.2007 22:07:20 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.12.2007 22:07:33 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.12.2007 22:07:35 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.12.2007 22:07:51 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 31.12.2007 22:07:52 | Computer Name = nickv-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum

 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

.

 

Error - 23.07.2012 16:28:52 | Computer Name = nickv-laptop | Source = PostgreSQL | ID = 0

Description = ZeitÃ¼berschreitung beim Warten auf Start des Servers 

 

Error - 23.07.2012 16:29:17 | Computer Name = nickv-laptop | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 03.07.2012 21:39:27 | Computer Name = nickv-laptop | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?04.?07.?2012 um 03:37:18 unerwartet heruntergefahren.

 

Error - 03.07.2012 23:40:09 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 07.07.2012 04:40:17 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 09.07.2012 22:54:21 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 15.07.2012 20:01:43 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 16.07.2012 00:29:29 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 17.07.2012 19:42:32 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 18.07.2012 00:08:25 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

Error - 31.12.2007 18:29:44 | Computer Name = nickv-laptop | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060

 

Error - 23.07.2012 13:01:24 | Computer Name = nickv-laptop | Source = volsnap | ID = 393252

Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher

 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

 

 

< End of report >

Danach wurde Voigt ein Skript gepostet, dass vermutlich genau auf sein System zugeschnitten ist. Deswegen hab ich ab da dann nicht mehr weiter gemacht, sondern jetzt mal hier ein Thema erstellt.
Ich hoff mir kann jemand helfen?

MfG jetzt LeiderUser (bisher hatte das Gast sein immer gereicht)

Hi,

falls OTL bei der Anweisung ":reg" hängenbleibt, den Rechner von Hand neu booten!

In den abgesicherten Modus (F8 beim Booten) gehen und wie folgt vorgehen:

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif

Code:



:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4:64bit: - HKLM..\Run: [adcav] rundll32.exe "C:\Users\nickv\AppData\Roaming\adcav.dll",BindContext File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O32 - AutoRun File - [2010.09.02 12:13:32 | 000,000,033 | ---- | M] () - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.09.02 12:11:31 | 000,000,028 | ---- | M] () - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.02.06 23:31:28 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]

O32 - AutoRun File - [2008.05.06 11:30:00 | 000,000,025 | ---- | M] () - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2008.06.29 00:16:40 | 000,000,025 | ---- | M] () - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.08.13 14:34:41 | 000,000,000 | ---D | M] - G:\Autos -- [ NTFS ]

[2012.07.23 22:29:11 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000008.@

[2012.01.11 13:01:47 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\@

[2012.01.11 13:01:47 | 000,002,048 | -HS- | C] () -- C:\Users\nickv\AppData\Local\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\@

[2008.01.01 00:30:01 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000032.@

[2008.01.01 00:30:01 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000064.@

[2008.01.01 00:30:01 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\L\00000004.@

[2008.01.01 00:29:52 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000004.@

[2008.01.01 00:29:50 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000000.@

[2008.01.01 00:29:46 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\000000cb.@
 

:reg

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = dword:0x01
 

:Commands

[emptytemp]

[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Der Rechner sollte jetzt neu booten (falls nicht, von Hand neu starten wieder in den abgesicherten Modus):

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

Nach dem erfolgten Restart, MAM updaten und dann ein FULLSCAN,
alle Logs posten...

chris

Auch bei mir hat es sich beim cval aufgehängt.
Hab dann neugestartet und ComboFix durchlaufen lassen:

Code:

ComboFix 12-07-25.02 - nickv 24.07.2012  10:37:50.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4028.3045 [GMT 2:00]

ausgeführt von:: c:\users\nickv\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\nickv\AppData\Local\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\n

c:\users\nickv\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\L\00000004.@

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\L\1afb2d56

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\L\201d3dde

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000004.@

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000008.@

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\000000cb.@

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000000.@

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000032.@

c:\windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\80000064.@

c:\windows\IsUn0407.exe

c:\windows\SysWow64\muzapp.exe

.

Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert 

Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-06-24 bis 2012-07-24  ))))))))))))))))))))))))))))))

.

.

2012-07-24 08:46 . 2012-07-24 08:46        --------        d-----w-        c:\users\postgres\AppData\Local\temp

2012-07-24 08:46 . 2012-07-24 08:46        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-07-24 08:19 . 2012-07-24 08:19        --------        d-----w-        C:\_OTL

2012-07-23 20:17 . 2012-07-23 20:17        --------        d-----w-        c:\users\nickv\AppData\Roaming\Malwarebytes

2012-07-23 20:17 . 2012-07-23 20:17        --------        d-----w-        c:\programdata\Malwarebytes

2012-07-23 20:17 . 2012-07-23 20:17        --------        d-----w-        c:\program files (x86)\Anti-Malware

2012-07-23 20:17 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-07-16 00:06 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-07-16 00:05 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{45E0D731-0286-4D94-AA0D-897651CE671F}\mpengine.dll

2012-07-16 00:03 . 2012-06-02 12:07        887296        ----a-w-        c:\program files\Internet Explorer\iedvtool.dll

2012-07-16 00:03 . 2012-06-02 12:49        17807360        ----a-w-        c:\windows\system32\mshtml.dll

2012-07-16 00:03 . 2012-06-02 12:17        10924032        ----a-w-        c:\windows\system32\ieframe.dll

2012-07-10 01:48 . 2012-07-10 01:48        --------        d-----w-        c:\users\nickv\AppData\Local\Macromedia

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-17 01:56 . 2012-04-05 12:08        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-17 01:56 . 2011-08-28 19:37        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2012-06-21 17:40        38424        ----a-w-        c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 17:40        2428952        ----a-w-        c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 17:40        57880        ----a-w-        c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 17:40        44056        ----a-w-        c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 17:40        701976        ----a-w-        c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 17:40        2622464        ----a-w-        c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 17:40        99840        ----a-w-        c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-21 17:40        186752        ----a-w-        c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-21 17:40        36864        ----a-w-        c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-05-29 07:38 . 2011-09-16 10:54        330240        ----a-w-        c:\windows\MASetupCaller.dll

2012-05-04 11:06 . 2012-06-13 09:57        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-04 11:00 . 2012-06-13 09:57        366592        ----a-w-        c:\windows\system32\qdvd.dll

2012-05-04 10:03 . 2012-06-13 09:57        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 09:57        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-05-04 09:59 . 2012-06-13 09:57        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2012-05-01 05:40 . 2012-06-13 09:57        209920        ----a-w-        c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-13 09:57        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 09:57        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 09:57        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 09:57        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        64792        ----a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"ApacheTomcatMonitor6.0_Tomcat6"="c:\program files\Tomcat 6.0\bin\Tomcat6w.exe" [2011-08-16 102400]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-8-28 1196048]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 36328]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2007-12-31 113120]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R4 Tomcat6;Apache Tomcat 6.0 Tomcat6;c:\program files\Tomcat 6.0\bin\Tomcat6.exe [2011-08-16 96256]

S2 postgresql-x64-9.1;postgresql-x64-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-x64-9.1 -D C:/Program Files/PostgreSQL/9.1/data -w [x]

S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 09:20        75544        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-03 162584]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-03 386840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-03 417560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\nickv\AppData\Roaming\Mozilla\Firefox\Profiles\7evrvpd8.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-DivXUpdate - c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe

HKLM-Run-adcav - c:\users\nickv\AppData\Roaming\adcav.dll

AddRemove-S4Uninst - c:\windows\IsUn0407.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]

"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.1]

"ImagePath"="C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.1\" -D \"C:/Program Files/PostgreSQL/9.1/data\" -w"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files\Logitech\SetPoint\x86\SetPoint32.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-07-24  10:54:29 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-07-24 08:54

.

Vor Suchlauf: 5.231.267.840 Bytes frei

Nach Suchlauf: 6.667.284.480 Bytes frei

.

- - End Of File - - 5B4F6984423B7AEB35F9DC15DAEA58EF

Danach hab ich nochmal MAM laufen lassen:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.07.23.11
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

nickv :: NICKV-LAPTOP [Administrator]
 

24.07.2012 11:02:23

mbam-log-2012-07-24 (12-31-49).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 665722

Laufzeit: 1 Stunde(n), 27 Minute(n), 4 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Qoobox\Quarantine\C\Users\nickv\AppData\Local\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\n.vir (Rootkit.0Access) -> Keine Aktion durchgeführt.

C:\Qoobox\Quarantine\C\Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.

C:\_OTL\MovedFiles\07242012_101926\C_Windows\Installer\{d1e2a56f-b2e0-272b-03e2-f508e482a5a7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
 

(Ende)

Und zum Abschluss nochmal OTL:

Code:

OTL logfile created on: 24.07.2012 12:34:07 - Run 2

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\nickv\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,93 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 46,05% Memory free

7,87 Gb Paging File | 5,86 Gb Available in Paging File | 74,55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 60,03 Gb Total Space | 6,32 Gb Free Space | 10,53% Space Free | Partition Type: NTFS

Drive D: | 10,10 Gb Total Space | 5,66 Gb Free Space | 55,98% Space Free | Partition Type: NTFS

Drive E: | 36,25 Gb Total Space | 6,04 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Drive F: | 59,31 Gb Total Space | 13,58 Gb Free Space | 22,89% Space Free | Partition Type: NTFS

Drive G: | 20,62 Gb Total Space | 5,22 Gb Free Space | 25,31% Space Free | Partition Type: NTFS

 

Computer Name: NICKV-LAPTOP | User Name: nickv | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.23 22:52:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

PRC - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012.06.08 13:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011.08.16 14:25:24 | 000,102,400 | ---- | M] (Apache Software Foundation) -- C:\Programme\Tomcat 6.0\bin\Tomcat6w.exe

PRC - [2011.07.05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe

PRC - [2011.06.24 22:56:24 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

PRC - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.07.24 11:00:22 | 000,115,137 | ---- | M] () -- C:\Users\nickv\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

MOD - [2012.06.18 15:31:36 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll

MOD - [2012.06.18 15:30:04 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll

MOD - [2012.06.18 15:29:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll

MOD - [2012.06.18 15:24:52 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll

MOD - [2012.06.18 15:24:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll

MOD - [2012.06.18 15:24:36 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll

MOD - [2012.06.18 15:24:33 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll

MOD - [2012.06.18 15:24:25 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll

MOD - [2012.06.18 15:24:21 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll

MOD - [2012.06.18 15:24:21 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll

MOD - [2012.06.18 15:24:17 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll

MOD - [2012.06.18 15:24:13 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll

MOD - [2012.06.18 15:24:12 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll

MOD - [2012.06.18 15:24:05 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll

MOD - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2012.03.08 20:11:36 | 000,070,424 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll

MOD - [2012.02.09 10:25:14 | 000,071,352 | ---- | M] () -- C:\Programme\TortoiseGit\bin\zlib132.dll

MOD - [2012.02.09 10:25:08 | 000,227,512 | ---- | M] () -- C:\Programme\TortoiseGit\bin\libgit232.dll

MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.09.23 07:40:59 | 000,116,224 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-x64-9.1)

SRV:64bit: - [2011.08.16 14:25:24 | 000,096,256 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\Tomcat 6.0\bin\Tomcat6.exe -- (Tomcat6)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011.09.13 11:37:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.01.01 01:45:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011.06.03 13:34:12 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.02.29 03:17:08 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2008.02.29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2008.02.29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2007.08.03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 4C 0F F1 C9 65 CC 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6923F499-1E7F-48FA-84C1-72F377D88F97}

IE - HKCU\..\SearchScopes\{6923F499-1E7F-48FA-84C1-72F377D88F97}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2008.01.01 01:45:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.01 14:29:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 22:24:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.07 20:02:33 | 000,000,000 | ---D | M]

 

[2011.08.28 20:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Extensions

[2008.01.01 01:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions

[2011.08.28 23:39:08 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.02.22 21:43:36 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\dictionary-switcher@design-noir.de

[2012.05.23 17:21:47 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\en-US@dictionaries.addons.mozilla.org

[2008.01.01 01:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\staged

[2012.03.08 11:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.03.01 01:40:30 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

[2011.08.28 21:07:58 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI

[2011.08.28 23:39:08 | 000,042,336 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI

[2012.06.04 00:49:43 | 000,009,936 | R--- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\HOMERJVODEXPANDER@FLYING-BITS.ORG.XPI

[2011.08.28 23:39:08 | 000,021,763 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\LOCATIONBAR2@DESIGN-NOIR.DE.XPI

[2008.01.01 01:45:14 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2008.01.01 01:45:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.21 11:35:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.05.03 09:09:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.05.03 09:09:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.05.03 09:09:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.05.03 09:09:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.05.03 09:09:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.05.03 09:09:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.07.24 10:48:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [adcav] rundll32.exe "C:\Users\nickv\AppData\Roaming\adcav.dll",BindContext File not found

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [ApacheTomcatMonitor6.0_Tomcat6] C:\Program Files\Tomcat 6.0\bin\Tomcat6w.exe (Apache Software Foundation)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978D8200-1B0A-4185-BA02-17ED700CB30F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE91FF03-6E73-494E-8690-D6396B06C8B7}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.02.06 23:31:28 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]

O32 - AutoRun File - [2011.08.13 14:34:41 | 000,000,000 | ---D | M] - G:\Autos -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.24 10:59:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.07.24 10:54:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012.07.24 10:35:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.07.24 10:35:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.07.24 10:35:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.07.24 10:30:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.07.24 10:30:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.07.24 10:28:28 | 004,584,386 | R--- | C] (Swearware) -- C:\Users\nickv\Desktop\ComboFix.exe

[2012.07.24 10:19:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.07.23 22:52:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

[2012.07.23 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\nickv\AppData\Roaming\Malwarebytes

[2012.07.23 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.23 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.23 22:17:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.23 22:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware

[2012.07.23 22:16:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\nickv\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.16 02:04:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.07.16 02:04:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.07.16 02:04:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.07.16 02:04:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.07.16 02:04:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.07.16 02:04:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.07.16 02:04:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.07.16 02:04:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.07.16 02:04:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.07.16 02:04:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.07.16 02:04:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.07.16 02:04:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.07.16 02:04:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.07.16 02:01:44 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012.07.16 02:01:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012.07.16 02:01:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012.07.16 02:01:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012.07.16 02:01:13 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012.07.10 03:48:11 | 000,000,000 | ---D | C] -- C:\Users\nickv\AppData\Local\Macromedia

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.24 11:06:36 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.24 11:06:36 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.24 11:06:23 | 001,498,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.24 11:06:23 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.24 11:06:23 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.24 11:06:23 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.24 11:06:23 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.24 10:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.24 10:59:05 | 3167,731,712 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.24 10:48:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.07.24 10:28:39 | 004,584,386 | R--- | M] (Swearware) -- C:\Users\nickv\Desktop\ComboFix.exe

[2012.07.23 22:52:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

[2012.07.23 22:17:07 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.23 22:16:11 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\nickv\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.17 03:56:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.07.17 03:56:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.07.17 03:54:28 | 002,292,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.13 07:20:49 | 000,000,600 | ---- | M] () -- C:\Users\nickv\AppData\Roaming\winscp.rnd

[2012.07.12 22:03:29 | 001,040,515 | ---- | M] () -- C:\Users\nickv\Desktop\Entwicklung von mobilen Apps - Folien.pdf

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.28 17:38:22 | 003,067,569 | ---- | M] () -- C:\Users\nickv\.TransferManager.db

 
 ========== Files Created - No Company Name ==========

 

[2012.07.24 10:35:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.07.24 10:35:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.07.24 10:35:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.07.24 10:35:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.07.24 10:35:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.07.23 22:17:07 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.13 07:20:36 | 001,040,515 | ---- | C] () -- C:\Users\nickv\Desktop\Entwicklung von mobilen Apps - Folien.pdf

[2012.06.28 17:38:21 | 003,067,569 | ---- | C] () -- C:\Users\nickv\.TransferManager.db

[2012.03.13 12:39:20 | 000,002,083 | ---- | C] () -- C:\Users\nickv\mds-sign.keystore

[2012.03.13 12:33:52 | 000,002,280 | ---- | C] () -- C:\Users\nickv\mds.keystore

[2011.12.31 14:04:50 | 000,000,218 | ---- | C] () -- C:\Users\nickv\.recently-used.xbel

[2011.12.09 20:17:48 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2011.12.09 20:17:48 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2011.11.25 01:53:51 | 000,002,262 | ---- | C] () -- C:\Users\nickv\android-key.keystore

[2011.11.20 17:36:37 | 000,442,368 | R--- | C] () -- C:\Windows\SysWow64\zshp1018.exe

[2011.11.20 17:36:37 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1018.dll

[2011.09.26 01:51:04 | 000,009,768 | ---- | C] () -- C:\Users\nickv\_viminfo

[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.09.07 19:44:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.08.29 03:07:11 | 000,000,600 | ---- | C] () -- C:\Users\nickv\AppData\Local\PUTTY.RND

[2011.08.29 02:17:44 | 000,000,075 | ---- | C] () -- C:\Users\nickv\.gitconfig

[2011.08.29 00:59:26 | 000,117,348 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.08.28 22:31:34 | 000,000,115 | ---- | C] () -- C:\Users\nickv\kvirc4.ini

[2011.08.28 22:03:32 | 000,000,600 | ---- | C] () -- C:\Users\nickv\AppData\Roaming\winscp.rnd

[2011.06.03 13:32:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.06.03 13:32:42 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.06.03 13:32:42 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
 

< End of report >

Beim Neustart erschien dann aber noch eine Fehlermeldung:

Code:

Problem beim Starten von C:\Users\nickv\AppData\Roaming\advac.dll

Das angegebene Modul wurde nicht gefunden.

Hi,

folgendes OTL-Script abfahren:

Code:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4:64bit: - HKLM..\Run: [adcav] rundll32.exe "C:\Users\nickv\AppData\Roaming\adcav.dll",BindContext File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O32 - AutoRun File - [2010.09.02 12:13:32 | 000,000,033 | ---- | M] () - D:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2010.09.02 12:11:31 | 000,000,028 | ---- | M] () - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.02.06 23:31:28 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]

O32 - AutoRun File - [2008.05.06 11:30:00 | 000,000,025 | ---- | M] () - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2008.06.29 00:16:40 | 000,000,025 | ---- | M] () - G:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.08.13 14:34:41 | 000,000,000 | ---D | M] - G:\Autos -- [ NTFS ]
 

:Commands

[emptytemp]

[Reboot]

Erstelle und poste ein neues OTL-Log...

chris

Habs ausgeführt:

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\adcav deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.

File D:\autorun.inf not found.

File E:\autorun.inf not found.

File  not found.

File F:\autorun.inf not found.

File G:\autorun.inf not found.

File  not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: nickv

->Temp folder emptied: 116127 bytes

->Temporary Internet Files folder emptied: 4276668 bytes

->Java cache emptied: 1766922 bytes

->FireFox cache emptied: 317163275 bytes

->Apple Safari cache emptied: 102045696 bytes

->Opera cache emptied: 6590403 bytes

->Flash cache emptied: 2299 bytes

 

User: nickvergessen

->Temp folder emptied: 0 bytes

 

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 412,00 mb

 

 

OTL by OldTimer - Version 3.2.54.0 log created on 07242012_141657
 

Files\Folders moved on Reboot...

C:\Users\nickv\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

PendingFileRenameOperations files...

File C:\Users\nickv\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
 

Registry entries deleted on Reboot...

Und hier noch der OTL Log:

Code:

OTL logfile created on: 24.07.2012 14:22:38 - Run 3

OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\nickv\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,93 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 73,93% Memory free

7,87 Gb Paging File | 6,70 Gb Available in Paging File | 85,21% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 60,03 Gb Total Space | 6,42 Gb Free Space | 10,69% Space Free | Partition Type: NTFS

Drive D: | 10,10 Gb Total Space | 5,66 Gb Free Space | 55,98% Space Free | Partition Type: NTFS

Drive E: | 36,25 Gb Total Space | 6,04 Gb Free Space | 16,66% Space Free | Partition Type: NTFS

Drive F: | 59,31 Gb Total Space | 13,58 Gb Free Space | 22,89% Space Free | Partition Type: NTFS

Drive G: | 20,62 Gb Total Space | 5,22 Gb Free Space | 25,31% Space Free | Partition Type: NTFS

 

Computer Name: NICKV-LAPTOP | User Name: nickv | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.07.23 22:52:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

PRC - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

PRC - [2012.06.08 13:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

PRC - [2011.08.16 14:25:24 | 000,102,400 | ---- | M] (Apache Software Foundation) -- C:\Programme\Tomcat 6.0\bin\Tomcat6w.exe

PRC - [2011.07.05 20:04:50 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe

PRC - [2011.06.24 22:56:24 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

PRC - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.07.24 14:21:20 | 000,115,137 | ---- | M] () -- C:\Users\nickv\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll

MOD - [2012.06.18 15:31:36 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll

MOD - [2012.06.18 15:30:04 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll

MOD - [2012.06.18 15:29:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll

MOD - [2012.06.18 15:24:52 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll

MOD - [2012.06.18 15:24:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll

MOD - [2012.06.18 15:24:36 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll

MOD - [2012.06.18 15:24:33 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll

MOD - [2012.06.18 15:24:25 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll

MOD - [2012.06.18 15:24:21 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll

MOD - [2012.06.18 15:24:21 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll

MOD - [2012.06.18 15:24:17 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll

MOD - [2012.06.18 15:24:13 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll

MOD - [2012.06.18 15:24:12 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll

MOD - [2012.06.18 15:24:05 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll

MOD - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

MOD - [2012.03.08 20:11:36 | 000,070,424 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll

MOD - [2012.02.09 10:25:14 | 000,071,352 | ---- | M] () -- C:\Programme\TortoiseGit\bin\zlib132.dll

MOD - [2012.02.09 10:25:08 | 000,227,512 | ---- | M] () -- C:\Programme\TortoiseGit\bin\libgit232.dll

MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2008.05.02 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.09.23 07:40:59 | 000,116,224 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe -- (postgresql-x64-9.1)

SRV:64bit: - [2011.08.16 14:25:24 | 000,096,256 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\Tomcat 6.0\bin\Tomcat6.exe -- (Tomcat6)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011.09.13 11:37:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.01.01 01:45:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.10.27 03:25:52 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2011.10.27 03:25:52 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2011.10.27 03:25:52 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2011.10.27 03:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011.10.27 03:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011.10.27 03:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011.10.27 03:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011.07.01 11:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011.06.03 13:34:12 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.02.29 03:17:08 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2008.02.29 03:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2008.02.29 03:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2007.08.03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 4C 0F F1 C9 65 CC 01  [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {6923F499-1E7F-48FA-84C1-72F377D88F97}

IE - HKCU\..\SearchScopes\{6923F499-1E7F-48FA-84C1-72F377D88F97}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2008.01.01 01:45:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.01 14:29:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.28 22:24:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.07 20:02:33 | 000,000,000 | ---D | M]

 

[2011.08.28 20:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Extensions

[2008.01.01 01:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions

[2011.08.28 23:39:08 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.02.22 21:43:36 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\dictionary-switcher@design-noir.de

[2012.05.23 17:21:47 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\en-US@dictionaries.addons.mozilla.org

[2008.01.01 01:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickv\AppData\Roaming\mozilla\Firefox\Profiles\7evrvpd8.default\extensions\staged

[2012.03.08 11:06:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.03.01 01:40:30 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI

[2011.08.28 21:07:58 | 000,089,442 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI

[2011.08.28 23:39:08 | 000,042,336 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI

[2012.06.04 00:49:43 | 000,009,936 | R--- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\HOMERJVODEXPANDER@FLYING-BITS.ORG.XPI

[2011.08.28 23:39:08 | 000,021,763 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\LOCATIONBAR2@DESIGN-NOIR.DE.XPI

[2008.01.01 01:45:14 | 000,163,080 | ---- | M] () (No name found) -- C:\USERS\NICKV\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7EVRVPD8.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2008.01.01 01:45:12 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.21 11:35:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.05.03 09:09:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.05.03 09:09:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.05.03 09:09:18 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.05.03 09:09:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.05.03 09:09:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.05.03 09:09:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.07.24 10:48:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [ApacheTomcatMonitor6.0_Tomcat6] C:\Program Files\Tomcat 6.0\bin\Tomcat6w.exe (Apache Software Foundation)

O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978D8200-1B0A-4185-BA02-17ED700CB30F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE91FF03-6E73-494E-8690-D6396B06C8B7}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011.02.06 23:31:28 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]

O32 - AutoRun File - [2011.08.13 14:34:41 | 000,000,000 | ---D | M] - G:\Autos -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.07.24 10:59:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.07.24 10:54:31 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012.07.24 10:35:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.07.24 10:35:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.07.24 10:35:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.07.24 10:30:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.07.24 10:30:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012.07.24 10:28:28 | 004,584,386 | R--- | C] (Swearware) -- C:\Users\nickv\Desktop\ComboFix.exe

[2012.07.24 10:19:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.07.23 22:52:31 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

[2012.07.23 22:17:42 | 000,000,000 | ---D | C] -- C:\Users\nickv\AppData\Roaming\Malwarebytes

[2012.07.23 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.07.23 22:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.07.23 22:17:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.07.23 22:17:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware

[2012.07.23 22:16:04 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\nickv\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.16 02:04:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.07.16 02:04:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.07.16 02:04:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.07.16 02:04:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.07.16 02:04:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.07.16 02:04:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.07.16 02:04:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.07.16 02:04:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.07.16 02:04:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.07.16 02:04:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.07.16 02:04:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.07.16 02:04:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.07.16 02:04:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.07.16 02:01:44 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012.07.16 02:01:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll

[2012.07.16 02:01:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll

[2012.07.16 02:01:14 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll

[2012.07.16 02:01:13 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll

[2012.07.10 03:48:11 | 000,000,000 | ---D | C] -- C:\Users\nickv\AppData\Local\Macromedia

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.07.24 14:27:07 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.07.24 14:27:07 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.07.24 14:24:59 | 001,498,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.07.24 14:24:59 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.07.24 14:24:59 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.07.24 14:24:59 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.07.24 14:24:59 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.07.24 14:18:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.07.24 14:18:25 | 3167,731,712 | -HS- | M] () -- C:\hiberfil.sys

[2012.07.24 10:48:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012.07.24 10:28:39 | 004,584,386 | R--- | M] (Swearware) -- C:\Users\nickv\Desktop\ComboFix.exe

[2012.07.23 22:52:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\nickv\Desktop\OTL.exe

[2012.07.23 22:17:07 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.23 22:16:11 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\nickv\Desktop\mbam-setup-1.62.0.1300.exe

[2012.07.17 03:56:13 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.07.17 03:56:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.07.17 03:54:28 | 002,292,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.07.13 07:20:49 | 000,000,600 | ---- | M] () -- C:\Users\nickv\AppData\Roaming\winscp.rnd

[2012.07.12 22:03:29 | 001,040,515 | ---- | M] () -- C:\Users\nickv\Desktop\Entwicklung von mobilen Apps - Folien.pdf

[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.06.28 17:38:22 | 003,067,569 | ---- | M] () -- C:\Users\nickv\.TransferManager.db

 
 ========== Files Created - No Company Name ==========

 

[2012.07.24 10:35:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.07.24 10:35:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.07.24 10:35:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.07.24 10:35:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.07.24 10:35:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.07.23 22:17:07 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.07.13 07:20:36 | 001,040,515 | ---- | C] () -- C:\Users\nickv\Desktop\Entwicklung von mobilen Apps - Folien.pdf

[2012.06.28 17:38:21 | 003,067,569 | ---- | C] () -- C:\Users\nickv\.TransferManager.db

[2012.03.13 12:39:20 | 000,002,083 | ---- | C] () -- C:\Users\nickv\mds-sign.keystore

[2012.03.13 12:33:52 | 000,002,280 | ---- | C] () -- C:\Users\nickv\mds.keystore

[2011.12.31 14:04:50 | 000,000,218 | ---- | C] () -- C:\Users\nickv\.recently-used.xbel

[2011.12.09 20:17:48 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll

[2011.12.09 20:17:48 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll

[2011.11.25 01:53:51 | 000,002,262 | ---- | C] () -- C:\Users\nickv\android-key.keystore

[2011.11.20 17:36:37 | 000,442,368 | R--- | C] () -- C:\Windows\SysWow64\zshp1018.exe

[2011.11.20 17:36:37 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1018.dll

[2011.09.26 01:51:04 | 000,009,768 | ---- | C] () -- C:\Users\nickv\_viminfo

[2011.09.16 12:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

[2011.09.16 12:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2011.09.16 12:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2011.09.16 12:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2011.09.16 12:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2011.09.07 19:44:50 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2011.08.29 03:07:11 | 000,000,600 | ---- | C] () -- C:\Users\nickv\AppData\Local\PUTTY.RND

[2011.08.29 02:17:44 | 000,000,075 | ---- | C] () -- C:\Users\nickv\.gitconfig

[2011.08.29 00:59:26 | 000,117,348 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2011.08.28 22:31:34 | 000,000,115 | ---- | C] () -- C:\Users\nickv\kvirc4.ini

[2011.08.28 22:03:32 | 000,000,600 | ---- | C] () -- C:\Users\nickv\AppData\Roaming\winscp.rnd

[2011.06.03 13:32:42 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2011.06.03 13:32:42 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2011.06.03 13:32:42 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BC359956
 

< End of report >

Hi,

das sieht gut aus, die Fehlermeldung sollte jetzt auch weg sein.

Combofix deinstallieren:
Klicke auf Start (Windows 7 Start Button) und tippe dann in das Suchfeld combofix /uninstall, wie im Piktogram unter diesem Text mit dem blauen Pfeil. Bitte sicherstellen, dass ein Leerzeichen zwischen Combofix und /uninstall ist.
Combofix deinstallieren http://www.bleepstatic.com/combofix/en/run-box.jpg

OTL und das Verzeichnis C:\_OTL löschen..

Wenn sich der Rechner normal verhält, dann wären wir erstmal durch...

chris

Zitat:

Zitat von Chris4You (Beitrag 872533)

das sieht gut aus, die Fehlermeldung sollte jetzt auch weg sein.

Richtig.

Hab die Programme jetzt entfernt.

Chris, ich danke dir vielmals für die Hilfe! Hast mir damit einmal Neuaufsetzen erspart, was doch immer um einiges stressiger ist.