Trojaner-Board - My Start - Incredibar-Ich krieg ihn nicht weg.

Hallo,

im Forum steht ja schon so mancher tip, aber ich habe leider trotzdem noch immer incredibar.com als startseite wenn ich tabs öffne. zwar ist es bei addons und auch in der systemsteuerung raus, aber leider noch nicht bei tabs.

ich habe folgendes schon gemacht:

malwarebytes:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daivoon :: DAIVOON-PC [Administrator]

Schutz: Aktiviert

08.09.2012 17:25:31
mbam-log-2012-09-08 (17-25-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226034
Laufzeit: 2 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

danach hab ich noch adware cleaner laufen lassen

AdwCleaner v2.000 - Datei am 09/08/2012 um 17:24:41 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Daivoon - DAIVOON-PC
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Daivoon\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\39kf9qu1.default\extensions\toolbar@alexa.com.xpi
Ordner Gefunden : C:\Users\Daivoon\AppData\Local\Software
Ordner Gefunden : C:\Users\Daivoon\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb174?a=6OyNuoUQdq&i=26

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Daivoon\AppData\Roaming\Mozilla\Firefox\Profiles\39kf9qu1.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb174?a=6OyNuoUQdq&loc=FF_NT");
Gefunden : user_pref("browser.search.defaultenginename", "MyStart Search");
Gefunden : user_pref("browser.search.selectedEngine", "MyStart Search");
Gefunden : user_pref("extensions.alexa.toolbarXMLText", "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<toolbar>\[...]
Gefunden : user_pref("extensions.incredibar.actvtyRptTime", "1347101275031");
Gefunden : user_pref("extensions.incredibar.admin", false);
Gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Gefunden : user_pref("extensions.incredibar.cntry", "ES");
Gefunden : user_pref("extensions.incredibar.dfltLng", "EN");
Gefunden : user_pref("extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("extensions.incredibar.dfltlng", "en");
Gefunden : user_pref("extensions.incredibar.dfltsrch", "false");
Gefunden : user_pref("extensions.incredibar.did", "10671");
Gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("extensions.incredibar.excTlbr", false);
Gefunden : user_pref("extensions.incredibar.hdrMd5", "53BBAEF47A95E0BB449BA7E5900C415A");
Gefunden : user_pref("extensions.incredibar.hmpg", false);
Gefunden : user_pref("extensions.incredibar.hrdid", "54f104400000000000003860773d1449");
Gefunden : user_pref("extensions.incredibar.id", "54f104400000000000003860773d1449");
Gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar.instlDay", "15591");
Gefunden : user_pref("extensions.incredibar.instlRef", "");
Gefunden : user_pref("extensions.incredibar.instlday", "15591");
Gefunden : user_pref("extensions.incredibar.instlref", "");
Gefunden : user_pref("extensions.incredibar.isDcmntCmplt", true);
Gefunden : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Gefunden : user_pref("extensions.incredibar.keywordurl", "");
Gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:47:38");
Gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("extensions.incredibar.newTab", false);
Gefunden : user_pref("extensions.incredibar.newtab", "false");
Gefunden : user_pref("extensions.incredibar.newtaburl", "");
Gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("extensions.incredibar.ppd", "77777174");
Gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar.productid", "26");
Gefunden : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Gefunden : user_pref("extensions.incredibar.sg", "none");
Gefunden : user_pref("extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar.smplgrp", "none");
Gefunden : user_pref("extensions.incredibar.srch", "");
Gefunden : user_pref("extensions.incredibar.srchprvdr", "");
Gefunden : user_pref("extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyNuoUQdq&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.tlbrid", "base");
Gefunden : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyNuoUQdq&loc=IB_T[...]
Gefunden : user_pref("extensions.incredibar.upn2", "6OyNuoUQdq");
Gefunden : user_pref("extensions.incredibar.upn2n", "92262070517144912");
Gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:47:38");
Gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar.vrsnts", "1.5.11.1411:47:38");
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10671");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "54f104400000000000003860773d1449");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15591");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "77777174");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyNuoUQdq&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyNuoUQdq");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92262070517144912");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:47:38");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyNuoUQdq&&i=26&search="[...]
Gefunden : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [7959 octets] - [08/09/2012 17:19:23]
AdwCleaner[R2].txt - [7898 octets] - [08/09/2012 17:24:41]

########## EOF - C:\AdwCleaner[R2].txt - [7958 octets] ##########

und zum schluss noch otl by old timerOTL Logfile:

Code:

OTL logfile created on: 08.09.2012 17:28:48 - Run 1

OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Daivoon\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Alemania | Language: DEU | Date Format: dd.MM.yyyy

 

5,98 Gb Total Physical Memory | 3,86 Gb Available Physical Memory | 64,54% Memory free

11,96 Gb Paging File | 9,64 Gb Available in Paging File | 80,58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 222,95 Gb Total Space | 152,51 Gb Free Space | 68,41% Space Free | Partition Type: NTFS

Drive D: | 223,71 Gb Total Space | 176,21 Gb Free Space | 78,77% Space Free | Partition Type: NTFS

 

Computer Name: DAIVOON-PC | User Name: Daivoon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.08 17:27:53 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Daivoon\Downloads\OTL.exe

PRC - [2012.09.08 17:18:45 | 000,511,265 | ---- | M] () -- C:\Users\Daivoon\Downloads\adwcleaner.exe

PRC - [2012.09.08 15:42:07 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012.09.04 08:27:30 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe

PRC - [2012.08.29 09:06:29 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

PRC - [2012.08.21 10:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.08.14 10:52:28 | 001,014,624 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2011.10.12 11:22:02 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe

PRC - [2011.10.12 11:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

PRC - [2011.10.12 11:22:00 | 000,214,312 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe

PRC - [2011.08.31 11:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe

PRC - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

PRC - [2011.07.23 07:39:08 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2011.04.02 22:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe

PRC - [2011.03.29 03:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

PRC - [2011.03.29 03:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

PRC - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

PRC - [2009.10.07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

PRC - [2007.04.30 01:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0420Mon.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.09.08 17:18:45 | 000,511,265 | ---- | M] () -- C:\Users\Daivoon\Downloads\adwcleaner.exe

MOD - [2012.09.08 15:42:07 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012.09.04 08:27:30 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

MOD - [2012.08.29 09:06:30 | 002,061,280 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

MOD - [2012.08.29 09:06:30 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

MOD - [2012.08.29 09:06:30 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

MOD - [2011.10.12 11:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe

MOD - [2011.10.12 11:22:00 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll

MOD - [2011.08.11 04:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe

MOD - [2011.08.11 04:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

MOD - [2011.07.23 07:38:56 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2012.08.21 10:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011.04.22 17:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009.10.07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2012.09.08 15:42:07 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.09.04 08:27:30 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.06.19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2011.07.23 07:39:08 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.05.30 03:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2011.04.02 22:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010.12.20 11:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010.12.20 11:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010.05.04 20:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.08.21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012.08.21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012.08.21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012.08.21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012.08.21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012.08.21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.07.11 05:04:46 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011.07.11 05:04:46 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011.07.11 05:04:46 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011.07.08 10:36:16 | 006,416,256 | ---- | M] (Etron) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETdrv.sys -- (USBET)

DRV:64bit: - [2011.06.30 07:03:04 | 000,054,784 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2011.06.30 07:03:02 | 000,077,696 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011.05.16 15:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.05.10 10:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.10.19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010.08.11 04:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009.10.07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.01 00:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009.04.30 23:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2009.04.30 23:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007.05.31 09:33:32 | 000,107,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\V0420Vid.sys -- (V0420VID)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

IE - HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb174?a=6OyNuoUQdq&i=26

IE - HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

IE - HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyNuoUQdq&i=26

IE - HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.at"

FF - prefs.js..extensions.enabledAddons: toolbar@alexa.com:2.15

FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466

FF - prefs.js..extensions.enabledAddons: ffe_ff3aeroff4@game-point.net:2.0.1

FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyNuoUQdq&&i=26&search="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.29 15:46:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.28 08:36:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 15:42:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.28 14:32:06 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.29 15:46:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 15:42:07 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.06.28 12:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daivoon\AppData\Roaming\mozilla\Extensions

[2012.09.08 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daivoon\AppData\Roaming\mozilla\Firefox\Profiles\39kf9qu1.default\extensions

[2012.06.28 13:14:33 | 000,827,050 | ---- | M] () (No name found) -- C:\Users\Daivoon\AppData\Roaming\mozilla\firefox\profiles\39kf9qu1.default\extensions\ffe_ff3aeroff4@game-point.net.xpi

[2012.08.25 12:21:43 | 000,344,888 | ---- | M] () (No name found) -- C:\Users\Daivoon\AppData\Roaming\mozilla\firefox\profiles\39kf9qu1.default\extensions\toolbar@alexa.com.xpi

[2012.08.25 16:27:33 | 000,001,533 | ---- | M] () -- C:\Users\Daivoon\AppData\Roaming\mozilla\firefox\profiles\39kf9qu1.default\searchplugins\web-search-powered-by-google.xml

[2012.06.28 14:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.06.28 14:09:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.08.28 08:36:39 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012.09.08 15:42:07 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.08 15:42:07 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [V0420Mon.exe] C:\Windows\V0420Mon.exe (Creative Technology Ltd.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O4 - Startup: C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3147B88F-E6A9-4E5E-8993-65321C2D6BAE}: DhcpNameServer = 80.58.61.250 80.58.61.254

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.07.05 11:19:39 | 000,000,000 | ---D | M] - D:\Autounfall -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.08 16:37:24 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\AppData\Roaming\Malwarebytes

[2012.09.08 16:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.08 16:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.09.08 16:37:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.09.08 16:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.08 13:02:05 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\AppData\Local\{DA19772C-B362-4088-A395-93A90F72A6D5}

[2012.09.08 12:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira UnErase Personal

[2012.09.08 12:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.09.08 12:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BadCopy Pro

[2012.09.07 14:17:59 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\Desktop\2012_09_07

[2012.09.06 12:10:30 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\Desktop\wedding

[2012.09.06 11:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.09.06 11:45:34 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.09.06 11:45:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.09.06 11:45:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.09.06 11:45:30 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.09.06 11:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012.09.06 11:36:43 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2012.09.06 11:36:43 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2012.09.06 11:36:42 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2012.09.06 11:36:34 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2012.09.06 11:36:34 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2012.09.06 11:36:34 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2012.09.06 11:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012.08.24 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

[2012.08.24 13:26:28 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\Desktop\fotos familie jedinger

[2012.08.23 13:33:57 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\AppData\Roaming\Leadertech

[2012.08.23 13:32:50 | 002,755,096 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\LV302V64.SYS

[2012.08.23 13:32:50 | 000,764,952 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUI64.dll

[2012.08.23 13:32:50 | 000,559,640 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\LVUIRC64.dll

[2012.08.23 13:32:50 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2RC.dll

[2012.08.23 13:32:50 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\LVUI2.dll

[2012.08.23 13:32:50 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\Windows\SysWow64\lvcodec2.dll

[2012.08.23 13:32:50 | 000,398,360 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvcod64.dll

[2012.08.23 13:32:50 | 000,327,576 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lvrs64.sys

[2012.08.23 13:32:50 | 000,266,776 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\lvco1201278.dll

[2012.08.23 13:32:49 | 000,015,896 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\drivers\lv302a64.sys

[2012.08.23 13:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012.08.23 13:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2012.08.23 13:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd

[2012.08.23 13:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd

[2012.08.23 10:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote

[2012.08.22 08:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2012.08.19 17:19:14 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\Desktop\kurt

[2012.08.18 09:09:50 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\Desktop\Tauchertaufe 2012_08_17

[2012.08.15 19:53:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012.08.15 19:53:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012.08.15 19:53:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012.08.15 19:53:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012.08.15 19:53:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012.08.15 19:53:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012.08.15 19:53:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012.08.15 19:53:18 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012.08.15 19:53:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012.08.15 19:53:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012.08.15 19:53:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012.08.15 19:53:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012.08.15 19:53:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012.08.15 18:52:43 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2012.08.15 18:52:42 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2012.08.15 18:52:42 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012.08.15 18:52:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2012.08.15 18:52:41 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2012.08.15 18:52:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012.08.15 18:52:41 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2012.08.15 18:52:41 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2012.08.13 17:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in

[2012.08.13 12:29:02 | 000,000,000 | ---D | C] -- C:\Users\Daivoon\Desktop\sink building

[1 C:\Users\Daivoon\Desktop\*.tmp files -> C:\Users\Daivoon\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.08 17:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.09.08 16:56:30 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.08 16:56:30 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.08 16:49:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.08 16:49:08 | 521,375,743 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.08 12:09:41 | 002,327,836 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.09.08 12:09:41 | 000,703,546 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat

[2012.09.08 12:09:41 | 000,643,638 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.09.08 12:09:41 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.09.08 12:09:41 | 000,137,322 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat

[2012.09.08 12:09:41 | 000,129,342 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.09.08 12:09:41 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.09.08 11:47:38 | 000,000,455 | ---- | M] () -- C:\user.js

[2012.09.06 11:45:26 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2012.09.06 11:45:26 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2012.09.06 11:45:26 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2012.09.06 11:45:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2012.09.06 11:45:26 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2012.09.06 11:45:26 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2012.09.06 11:36:29 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2012.09.06 11:36:27 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2012.09.06 11:36:27 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2012.09.06 11:36:27 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2012.09.06 11:36:27 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2012.09.06 11:36:27 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2012.09.04 08:27:30 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012.09.04 08:27:30 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.08.28 08:36:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012.08.27 08:36:34 | 000,001,033 | ---- | M] () -- C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2012.08.21 10:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012.08.21 10:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012.08.21 10:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012.08.21 10:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012.08.21 10:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012.08.21 10:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012.08.21 10:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012.08.21 10:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012.08.21 10:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012.08.20 19:09:30 | 003,302,334 | ---- | M] () -- C:\Users\Daivoon\Desktop\P1100686.JPG

[2012.08.16 08:16:32 | 000,425,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[1 C:\Users\Daivoon\Desktop\*.tmp files -> C:\Users\Daivoon\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.08 11:47:38 | 000,000,455 | ---- | C] () -- C:\user.js

[2012.08.27 08:36:34 | 000,001,033 | ---- | C] () -- C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2012.08.23 13:32:50 | 000,082,289 | ---- | C] () -- C:\Windows\SysNative\lvcoin64.ini

[2012.08.23 13:32:50 | 000,034,068 | ---- | C] () -- C:\Windows\SysNative\Repository.reg

[2012.08.20 19:07:20 | 003,302,334 | ---- | C] () -- C:\Users\Daivoon\Desktop\P1100686.JPG

[2012.06.29 15:43:47 | 000,221,160 | ---- | C] () -- C:\Windows\hpoins40.dat

[2012.06.29 15:43:47 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat

[2011.07.23 07:39:22 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

 
 ========== LOP Check ==========

 

[2012.06.28 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\Daivoon\AppData\Roaming\clear.fi

[2012.07.06 14:56:52 | 000,000,000 | ---D | M] -- C:\Users\Daivoon\AppData\Roaming\Foxit Software

[2012.08.23 13:33:57 | 000,000,000 | ---D | M] -- C:\Users\Daivoon\AppData\Roaming\Leadertech

[2012.06.28 12:27:56 | 000,000,000 | ---D | M] -- C:\Users\Daivoon\AppData\Roaming\OEM

[2012.06.30 11:04:46 | 000,000,000 | ---D | M] -- C:\Users\Daivoon\AppData\Roaming\pdfforge

[2012.06.28 14:32:10 | 000,000,000 | ---D | M] -- C:\Users\Daivoon\AppData\Roaming\Thunderbird

[2012.07.17 13:14:35 | 000,000,000 | ---D | M] -- C:\Users\Invitado\AppData\Roaming\OEM

[2009.07.14 06:08:49 | 000,027,952 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

leider immer noch das gleiche problem. und nur zu aller erst mit malware hat der scan überhaupt was gefunden. was allerdings glaub ich nicht incedibar war.

hoffe mir kann jemand helfen. ich ärgere mich schwarz das ich unabsichtlich die toolbar installiert hab.

danke im voraus, liebe grüße
amphitrite

Schritt 1:

gemacht, allerdings hat der neustart nicht funktioniert! ich habe nach 3h den computer abgewürgt und erst danach ist er neu gestartet. habe ihn im normalen modus gestartet und otb ist zu folgendem ergebniss gekommen

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-4091172970-1133717160-3061418228-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4091172970-1133717160-3061418228-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKU\S-1-5-21-4091172970-1133717160-3061418228-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.google.at" removed from browser.startup.homepage
Prefs.js: toolbar@alexa.com:2.15 removed from extensions.enabledAddons
Prefs.js: wrc@avast.com:7.0.1466 removed from extensions.enabledAddons
Prefs.js: ffe_ff3aeroff4@game-point.net:2.0.1 removed from extensions.enabledAddons
Prefs.js: "hxxp://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyNuoUQdq&&i=26&search=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\WEB ASSISTANT\Firefox not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk moved successfully.
C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Windows\SysWOW64\config.nt moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{E8E37C4F-DE01-4286-AFB6-9FBEC8265A1A} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{37126D87-E4FD-4614-B908-A0BB7ECE3992} folder moved successfully.
C:\ProgramData\Temp\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
C:\Users\Daivoon\AppData\Local\{041FA7A7-7733-4FAF-883A-E7087A134489} folder moved successfully.
C:\Users\Daivoon\AppData\Local\{122781E7-E4A4-4E54-AF3E-76766C02FDF7} folder moved successfully.
C:\Users\Daivoon\AppData\Local\{6E9171EB-97DA-4974-B86D-BAD49A494BF3} folder moved successfully.
C:\Users\Daivoon\AppData\Local\{7EF848BF-55D8-49AC-BC09-7737DD70EFD9} folder moved successfully.
C:\Users\Daivoon\AppData\Local\{C1C7B54D-4492-4057-8F8C-68DB9A068FCB} folder moved successfully.
C:\Users\Daivoon\AppData\Local\{DA19772C-B362-4088-A395-93A90F72A6D5} folder moved successfully.
C:\Users\Daivoon\AppData\Local\{FF3E2DBA-570D-4A28-B005-AA18072BEAD1} folder moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\COMAP.EXE moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\Foxit Updater.exe moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\incredibar_installer.exe moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\MyBabylonTB_google_20120807.exe moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\UpdateCheckerSetup.exe moved successfully.
C:\Users\Daivoon\AppData\Local\Temp\vlc-2.0.2-win32.exe moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Daivoon\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Daivoon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Daivoon\Desktop\cmd.bat deleted successfully.
C:\Users\Daivoon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Daivoon
->Temp folder emptied: 995872996 bytes
->Temporary Internet Files folder emptied: 267897327 bytes
->FireFox cache emptied: 145467576 bytes
->Flash cache emptied: 78457 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Invitado
->Temp folder emptied: 151744 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56543 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 181952025 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63163 bytes
RecycleBin emptied: 6870048477 bytes

Total Files Cleaned = 8.070,00 mb

OTL by OldTimer - Version 3.2.61.2 log created on 09082012_193827

Files\Folders moved on Reboot...
C:\Users\Daivoon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ich hoffe soweit ist das schonmal ok

ich habe jetzt leider schritt 2 schon gemacht, da ich zu spät gelesen habe, ich solle warten wenn otb nicht komplett fehlerfrei durchläuft.

1 bedrohung gefunden und in container verschoben, die scheint allerdings nichts mit dem eigentlichen problem zu tun zu haben.

soll ich weitermachen?

vielen vielen dank auf alle fälle für die hilfe!

Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2012.09.08.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daivoon :: DAIVOON-PC [Administrator]

Schutz: Aktiviert

08.09.2012 23:51:59
mbam-log-2012-09-08 (23-51-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 370443
Laufzeit: 33 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Programme\Corel Draw X6\CorelDRAW Graphics Suite X6 16.0.0.707 (32 bit) (keygen-CORE) [ChingLiu]\Keygen-CORE\keygen.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)