Log analysis and evaluation: Re: Bundespolizei-Ukash, Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
20.09.2011, 11:35 | #1
Re: Bundespolizei-Ukash

Hello everyone, I have the following problem: I picked up the BKA Ukash virus, followed quite a few of your steps, scanned and fixed with OTL, but the virus won't go away. Here is a small attachment; I hope for your help. Regards, CSS

Last OTL scan: OTL logfile: Code:
ATTFilter OTL logfile created on: 20.09.2011 12:00:56 - Run 5 OTL by OldTimer - Version 3.2.26.7 Folder = F:\ Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,31% Memory free 4,00 Gb Paging File | 3,68 Gb Available in Paging File | 92,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 3,54 Gb Free Space | 7,25% Space Free | Partition Type: NTFS Drive D: | 62,96 Gb Total Space | 36,96 Gb Free Space | 58,70% Space Free | Partition Type: NTFS Drive F: | 999,70 Mb Total Space | 998,83 Mb Free Space | 99,91% Space Free | Partition Type: FAT Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - (QuestService Service) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (StkSSrv) -- 
C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc) DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (BDA_Loader_225) -- C:\Windows\System32\drivers\BDA_Loader_225.sys (WideView Technology Inc.) DRV - (BDA_Capture_225) -- C:\Windows\System32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 5E 20 CA 6F 9C CA 01 [binary data] IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.2.0.5360 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll 
(DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2009.12.30 23:09:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2009.12.30 23:10:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2009.12.30 23:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.03.20 12:23:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 16:49:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 16:49:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla 
Firefox\plugins [2011.08.09 20:34:36 | 000,000,000 | ---D | M] [2010.07.15 16:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions [2010.07.15 16:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.08.19 20:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions [2011.08.19 20:25:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.15 18:36:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.09 19:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions [2011.05.09 19:45:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.30 18:03:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.05 20:42:07 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2011.05.17 11:23:28 | 000,005,212 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\ecosia.xml [2011.09.18 22:44:13 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-1.xml [2011.08.28 10:14:09 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-2.xml [2011.09.04 13:31:26 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-3.xml [2011.09.07 16:49:29 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-4.xml [2011.08.18 21:40:40 | 000,000,168 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.gif [2011.08.18 21:40:40 | 000,000,618 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.src [2011.06.15 08:20:08 | 000,001,056 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.xml [2010.07.05 20:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.01.09 20:22:28 | 000,000,000 | ---D | M] (QuestService) -- C:\Programme\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19} () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8C6QHWFB.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8C6QHWFB.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI [2009.09.21 12:00:44 | 001,447,328 | ---- | M] 
(1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - File not found O2 - BHO: (Ecosia Class) - {2273A9F3-9D90-47e6-8706-DA7AE77B1552} - C:\Programme\Ecosia\ecosia.dll () O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - File not found O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - File not found O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - File not found O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No CLSID value found. O3 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [HybridTM_A] C:\Programme\HybridTM_IR(A)\RC620_A.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SMSERIAL] C:\Windows\sm56hlpr.exe (Motorola Inc.) 
O4 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000..\Run: [avupdate] C:\Users\Alexander\AppData\Roaming\jashla.exe (Jason Rattle) O4 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000..\Run: [ICQ] File not found O4 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-1074318070-1128809669-2621604759-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell - "" = AutoRun O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.18 17:37:06 | 000,207,872 | ---- | C] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe [2011.09.15 14:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUBICon [2011.08.28 02:24:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll ========== Files - Modified Within 30 Days ========== [2011.09.20 11:41:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.20 11:41:10 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys [2011.09.20 11:32:37 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.20 10:24:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.20 10:00:46 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.20 10:00:46 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.20 10:00:46 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.20 10:00:46 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.20 09:25:09 | 000,014,608 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.20 09:25:09 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.20 09:22:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.09.18 17:37:08 | 000,000,008 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat [2011.09.18 17:37:06 | 000,207,872 | ---- | M] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe [2011.09.15 20:26:56 | 000,041,948 | ---- | M] () -- C:\Users\Alexander\Desktop\Zwischenablage-31.jpg [2011.09.15 20:26:34 | 000,010,621 | ---- | M] () -- C:\Users\Alexander\Desktop\e6363c35cd028ce1399801e67d66944ac14f270c_full.jpg [2011.09.15 20:25:58 | 000,037,755 | ---- | M] () -- C:\Users\Alexander\Desktop\2060785_m3t1w564h376q75v60669_SWITCH_RELOADED_TAFF_HUND_3.jpg [2011.09.15 14:54:13 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\RUBICon.lnk [2011.09.11 19:23:16 | 000,197,032 | ---- | M] () -- C:\Users\Alexander\Desktop\IMG_2202.jpg ========== Files Created - No Company Name ========== [2011.09.18 17:37:08 | 000,000,008 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat [2011.09.15 20:26:55 | 000,041,948 | ---- | C] () -- C:\Users\Alexander\Desktop\Zwischenablage-31.jpg [2011.09.15 20:26:32 | 000,010,621 | ---- | C] () -- C:\Users\Alexander\Desktop\e6363c35cd028ce1399801e67d66944ac14f270c_full.jpg [2011.09.15 20:25:56 | 000,037,755 | ---- | C] () -- C:\Users\Alexander\Desktop\2060785_m3t1w564h376q75v60669_SWITCH_RELOADED_TAFF_HUND_3.jpg [2011.09.15 14:54:13 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\RUBICon.lnk [2011.09.11 19:23:14 | 000,197,032 | ---- | C] () -- C:\Users\Alexander\Desktop\IMG_2202.jpg [2011.03.21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.12.05 21:56:11 | 000,000,010 | ---- | C] () -- 
C:\Windows\WININIT.INI [2010.12.04 01:16:36 | 000,073,728 | ---- | C] () -- C:\Windows\StkUnist.exe [2010.11.19 17:37:24 | 000,004,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.19 14:14:16 | 000,274,432 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2010.03.05 23:45:19 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2010.03.05 23:45:19 | 000,000,869 | ---- | C] () -- C:\Windows\unins000.dat [2010.01.24 22:14:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010.01.24 22:14:28 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010.01.16 19:57:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.12.24 15:24:07 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI [2009.12.23 10:11:12 | 003,190,784 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2009.12.23 10:11:12 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll [2009.12.23 10:11:12 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.23 10:11:12 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2009.12.23 10:11:12 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2009.12.23 10:11:12 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2009.12.23 10:11:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2009.12.23 10:11:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2009.12.23 10:11:12 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2009.12.23 10:11:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2009.12.23 10:11:12 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2009.12.23 10:11:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2009.12.23 10:11:12 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2009.12.23 10:11:12 | 000,097,280 | ---- | C] () -- 
C:\Windows\System32\ff_realaac.dll [2009.12.23 10:11:12 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2009.12.23 10:11:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2009.12.23 10:11:12 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2009.12.23 10:11:12 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2009.12.23 10:11:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.11.30 18:31:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HCWxds.dll [2009.11.09 06:50:28 | 001,945,088 | ---- | C] () -- C:\Windows\System32\avcodec.dll [2009.11.09 06:50:28 | 000,219,136 | ---- | C] () -- C:\Windows\System32\avformat.dll [2009.11.09 06:50:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\avutil.dll [2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,453,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll 
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.05.13 22:39:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2006.02.08 23:06:00 | 001,662,976 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2006.02.08 23:06:00 | 001,519,616 | ---- | C] () -- C:\Windows\System32\nwiz.exe [2006.02.08 23:06:00 | 001,466,368 | ---- | C] () -- C:\Windows\System32\nview.dll [2006.02.08 23:06:00 | 001,339,392 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe [2006.02.08 23:06:00 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2006.02.08 23:06:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll [2006.02.08 23:06:00 | 000,442,368 | ---- | C] () -- C:\Windows\System32\nvappbar.exe [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll [2005.05.26 17:12:26 | 000,065,536 | ---- 
| C] () -- C:\Windows\sm56ger.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll [2005.05.26 17:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll [2005.05.26 17:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll [2005.05.26 17:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll [2000.03.03 21:16:52 | 000,007,424 | R--- | C] () -- C:\Windows\System32\drivers\MMIOPORT.SYS ========== LOP Check ========== [2010.04.10 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\AnvSoft [2010.04.25 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Any Video Converter [2010.03.20 17:49:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Ashampoo [2010.03.20 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Record Edit Toolbox [2010.03.20 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Recorder for Free [2010.01.09 22:20:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\avidemux [2009.11.28 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Blitware [2011.08.16 21:23:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Canon [2010.12.01 07:48:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoft [2011.03.29 07:10:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.25 21:30:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Engelmann Media [2010.03.05 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Flatcast [2010.01.15 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\HandBrake [2011.09.07 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ICQ 
[2010.04.29 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\kikin [2009.12.27 01:06:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\LG Electronics [2011.06.14 13:23:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MagicMaps [2010.03.31 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SharePod [2010.06.09 21:38:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SparweltGutschein [2010.07.15 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TomTom [2010.09.27 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TubeBox [2010.05.31 18:28:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WeBrandes [2010.03.31 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Youtube Downloader HD [2011.07.17 06:36:36 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2011.08.19 15:14:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < :reg > < [HKEY_Current_User\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] > < "Shell"="explorer.exe" > < > < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] > < "Shell"="explorer.exe" > < > < :commands > < [emptytemp] > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD < End of report > |
20.09.2011, 11:45 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Re: Bundespolizei-Ukash
Quote:
You can't just use fix scripts that were written for entirely different computers!
20.09.2011, 12:00 | #3 |
| Re: Bundespolizei-Ukash
I had actually only used the script you posted under the help steps you offer, with the Notepad fix.txt file and OTL. What can I do to get rid of the virus? I'd be grateful for any help.
20.09.2011, 12:54 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Re: Bundespolizei-Ukash
Sorry, but that is simply wrong. Please read carefully in future and don't do anything rash.

Custom scan with OTL
If you don't already have it, please download OTL from OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags
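The custom scan above collects, among other things, the Run keys, the Winlogon Shell/UserInit values and the MountPoints2 AutoRun handlers. As an added example (not OTL's code and not from anyone in this thread) of the triage a log reader then does on those O4/O20/O33 lines, the script below parses them and ranks the entries worth a closer look: an autorun that launches from a user-writable directory such as AppData\Roaming, a file with no company name, a Winlogon Shell that is not explorer.exe, a per-user Shell value at all, extra UserInit programs, and removable-media AutoRun commands. The sample lines are constructed in OTL's output format and modelled on the log posted in this thread; the severity rules are this example's own heuristics, not OTL's.

```python
"""Triage OTL autorun lines: O4 (Run keys), O20 (Winlogon values) and
O33 (MountPoints2 AutoRun handlers).

Added example for this thread, not OTL's own code. It only parses text, so
it runs anywhere; SAMPLE_LOG is constructed in OTL's output format and
modelled on the log posted in this thread. The severity rules are this
example's heuristics, not OTL's."""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HybridTM_A] C:\Programme\HybridTM_IR(A)\RC620_A.exe ()
O4 - HKCU..\Run: [avupdate] C:\Users\Alexander\AppData\Roaming\jashla.exe (Jason Rattle)
O4 - HKCU..\Run: [ICQ] File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
WINLOGON_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\) - (?P<rest>.*)$")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')
# OTL prints "<path> (<company name>)"; an empty pair of parentheses means no company name.
PATH_PUB_RE = re.compile(r"^(?P<path>.*) \((?P<pub>[^()]*)\)$")
# Directories a standard user can write to without admin rights.
USER_WRITABLE_RE = re.compile(r"(^[a-z]:\\users\\|\\appdata\\|\\programdata\\|\\temp\\)", re.I)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


def _check_run(m: re.Match, line: str) -> list[Finding]:
    rest = m["rest"]
    if rest == "File not found":
        return [Finding("low", line, f"orphaned Run entry [{m['name']}]: target no longer exists")]
    pp = PATH_PUB_RE.match(rest)
    path, pub = (pp["path"], pp["pub"]) if pp else (rest, "")
    out = []
    if USER_WRITABLE_RE.search(path):
        scope = "per-user (no admin rights needed)" if m["hive"] == "HKCU" else "machine-wide"
        out.append(Finding("high", line, f"{scope} autorun from a user-writable directory: {path}"))
    if not pub:
        out.append(Finding("medium", line, "no company name in the file's version info"))
    return out


def _check_winlogon(m: re.Match, line: str) -> list[Finding]:
    value, data, hive = m["value"], m["data"], m["hive"]
    entries = [e.strip().lower() for e in data.split(",") if e.strip()]
    out = []
    if value == "Shell":
        if entries != ["explorer.exe"]:
            out.append(Finding("high", line, f"Winlogon Shell replaced: {data}"))
        elif hive == "HKCU":
            # Not present on a default install; screen lockers set it (or a fix script wrote it back).
            out.append(Finding("medium", line, "per-user Winlogon Shell value exists"))
    elif value == "UserInit":
        # Only the file name of each comma-separated entry may be userinit.exe.
        extra = [e for e in entries if e.rsplit("\\", 1)[-1] != "userinit.exe"]
        if extra:
            out.append(Finding("high", line, f"extra UserInit program(s): {', '.join(extra)}"))
    return out


def triage(log_text: str) -> list[Finding]:
    """Return findings for the autorun lines in an OTL log, highest severity first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            findings.extend(_check_run(m, line))
        elif m := WINLOGON_RE.match(line):
            findings.extend(_check_winlogon(m, line))
        elif m := MOUNT_RE.match(line):
            findings.append(Finding("medium", line,
                                    f"removable-media AutoRun handler: {m['cmd']}"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])  # stable: log order within a level


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")
```

On the sample the only high finding is the HKCU Run entry that launches an executable out of AppData\Roaming: it needs no admin rights to install, and a Run value named after an antivirus updater is the kind of disguise a reader should not take at face value. The rules deliberately ignore the company-name string as a trust signal on its own; OTL's "No Company Name Whitelist" works the same way, and a name in the version resource is free for the author to fill in.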
20.09.2011, 13:25 | #5 |
| Re: Bundespolizei-Ukash
So, I hope I did everything right this time. Thanks for your time, great support *thumbs up*
OTL Logfile:
Code:
OTL logfile created on: 20.09.2011 14:04:43 - Run 6
OTL by OldTimer - Version 3.2.26.7 Folder = F:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 83,71% Memory free
4,00 Gb Paging File | 3,69 Gb Available in Paging File | 92,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 3,54 Gb Free Space | 7,25% Space Free | Partition Type: NTFS
Drive D: | 62,96 Gb Total Space | 36,96 Gb Free Space | 58,70% Space Free | Partition Type: NTFS
Drive F: | 999,70 Mb Total Space | 989,33 Mb Free Space | 98,96% Space Free | Partition Type: FAT

Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - (QuestService Service) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (HFGService) -- C:\Windows\System32\HFGService.dll (CSR, plc)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StkSSrv) --
C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation ) DRV - (BthAudioHF) -- C:\Windows\System32\drivers\BthAudioHF.sys (CSR, plc) DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (BDA_Loader_225) -- C:\Windows\System32\drivers\BDA_Loader_225.sys (WideView Technology Inc.) DRV - (BDA_Capture_225) -- C:\Windows\System32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 5E 20 CA 6F 9C CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.2.0.5360 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\4.2.0.2150\FF [2009.12.30 23:09:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.2.0.5360\FF [2009.12.30 23:10:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\4.2.0.2050\FF [2009.12.30 23:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.03.20 12:23:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.09.07 16:49:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components 
[2011.09.07 16:49:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.08.09 20:34:36 | 000,000,000 | ---D | M] [2010.07.15 16:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions [2010.07.15 16:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.08.19 20:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions [2011.08.19 20:25:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.15 18:36:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.09 19:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions [2011.05.09 19:45:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.30 18:03:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.05 
20:42:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2011.05.17 11:23:28 | 000,005,212 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\ecosia.xml [2011.09.18 22:44:13 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-1.xml [2011.08.28 10:14:09 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-2.xml [2011.09.04 13:31:26 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-3.xml [2011.09.07 16:49:29 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin-4.xml [2011.08.18 21:40:40 | 000,000,168 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.gif [2011.08.18 21:40:40 | 000,000,618 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.src [2011.06.15 08:20:08 | 000,001,056 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8c6qhwfb.default\searchplugins\icqplugin.xml [2010.07.05 20:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.01.09 20:22:28 | 000,000,000 | ---D | M] (QuestService) -- C:\Programme\Mozilla Firefox\extensions\{AAF6454A-4000-4015-84C1-6CD844C06B19} () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8C6QHWFB.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI () (No name found) -- 
C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8C6QHWFB.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - File not found O2 - BHO: (Ecosia Class) - {2273A9F3-9D90-47e6-8706-DA7AE77B1552} - C:\Programme\Ecosia\ecosia.dll () O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - File not found O2 - BHO: (Textual Content Provider) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - File not found O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin) O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - File not found O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [HybridTM_A] C:\Programme\HybridTM_IR(A)\RC620_A.exe () O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SMSERIAL] C:\Windows\sm56hlpr.exe (Motorola Inc.) 
O4 - HKCU..\Run: [avupdate] C:\Users\Alexander\AppData\Roaming\jashla.exe (Jason Rattle) O4 - HKCU..\Run: [ICQ] File not found O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - 
(SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell - "" = AutoRun O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group 
SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - 
Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: 
{D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: 
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.I420 - MSh263.drv File not found Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2011.09.18 17:37:06 | 000,207,872 | ---- | C] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe [2011.09.15 14:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUBICon ========== Files - Modified Within 30 Days ========== [2011.09.20 14:02:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.20 14:01:45 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys [2011.09.20 11:32:37 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.20 10:24:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.20 10:00:46 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.20 10:00:46 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.20 10:00:46 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.20 10:00:46 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.20 09:25:09 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.20 09:25:09 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.20 09:22:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.09.18 17:37:08 | 000,000,008 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat [2011.09.18 17:37:06 | 000,207,872 | ---- | M] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe [2011.09.15 20:26:56 | 000,041,948 | ---- | M] () -- C:\Users\Alexander\Desktop\Zwischenablage-31.jpg [2011.09.15 20:26:34 | 000,010,621 | ---- | M] () -- C:\Users\Alexander\Desktop\e6363c35cd028ce1399801e67d66944ac14f270c_full.jpg [2011.09.15 20:25:58 | 000,037,755 | ---- | M] () -- 
C:\Users\Alexander\Desktop\2060785_m3t1w564h376q75v60669_SWITCH_RELOADED_TAFF_HUND_3.jpg [2011.09.15 14:54:13 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\RUBICon.lnk [2011.09.11 19:23:16 | 000,197,032 | ---- | M] () -- C:\Users\Alexander\Desktop\IMG_2202.jpg ========== Files Created - No Company Name ========== [2011.09.18 17:37:08 | 000,000,008 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat [2011.09.15 20:26:55 | 000,041,948 | ---- | C] () -- C:\Users\Alexander\Desktop\Zwischenablage-31.jpg [2011.09.15 20:26:32 | 000,010,621 | ---- | C] () -- C:\Users\Alexander\Desktop\e6363c35cd028ce1399801e67d66944ac14f270c_full.jpg [2011.09.15 20:25:56 | 000,037,755 | ---- | C] () -- C:\Users\Alexander\Desktop\2060785_m3t1w564h376q75v60669_SWITCH_RELOADED_TAFF_HUND_3.jpg [2011.09.15 14:54:13 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\RUBICon.lnk [2011.09.11 19:23:14 | 000,197,032 | ---- | C] () -- C:\Users\Alexander\Desktop\IMG_2202.jpg [2011.03.21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.12.05 21:56:11 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI [2010.12.04 01:16:36 | 000,073,728 | ---- | C] () -- C:\Windows\StkUnist.exe [2010.11.19 17:37:24 | 000,004,608 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.19 14:14:16 | 000,274,432 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2010.03.05 23:45:19 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2010.03.05 23:45:19 | 000,000,869 | ---- | C] () -- C:\Windows\unins000.dat [2010.01.24 22:14:28 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010.01.24 22:14:28 | 000,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010.01.16 19:57:25 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.12.24 15:24:07 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI [2009.12.23 10:11:12 | 003,190,784 | ---- | C] () -- 
C:\Windows\System32\libavcodec.dll [2009.12.23 10:11:12 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll [2009.12.23 10:11:12 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.23 10:11:12 | 000,511,488 | ---- | C] () -- C:\Windows\System32\ff_x264.dll [2009.12.23 10:11:12 | 000,405,504 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2009.12.23 10:11:12 | 000,245,760 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll [2009.12.23 10:11:12 | 000,221,184 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll [2009.12.23 10:11:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2009.12.23 10:11:12 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll [2009.12.23 10:11:12 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_theora.dll [2009.12.23 10:11:12 | 000,122,880 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll [2009.12.23 10:11:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll [2009.12.23 10:11:12 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2009.12.23 10:11:12 | 000,097,280 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll [2009.12.23 10:11:12 | 000,079,872 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll [2009.12.23 10:11:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll [2009.12.23 10:11:12 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll [2009.12.23 10:11:12 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll [2009.12.23 10:11:12 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.11.30 18:31:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\HCWxds.dll [2009.11.09 06:50:28 | 001,945,088 | ---- | C] () -- C:\Windows\System32\avcodec.dll [2009.11.09 06:50:28 | 000,219,136 | ---- | C] () -- C:\Windows\System32\avformat.dll [2009.11.09 06:50:28 | 000,022,528 | ---- | C] () -- C:\Windows\System32\avutil.dll [2009.07.14 10:47:43 | 000,657,438 | ---- | C] () 
-- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,453,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 
10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.05.13 22:39:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2006.02.08 23:06:00 | 001,662,976 | ---- | C] () -- C:\Windows\System32\nvwdmcpl.dll [2006.02.08 23:06:00 | 001,519,616 | ---- | C] () -- C:\Windows\System32\nwiz.exe [2006.02.08 23:06:00 | 001,466,368 | ---- | C] () -- C:\Windows\System32\nview.dll [2006.02.08 23:06:00 | 001,339,392 | ---- | C] () -- C:\Windows\System32\nvdspsch.exe [2006.02.08 23:06:00 | 001,019,904 | ---- | C] () -- C:\Windows\System32\nvwimg.dll [2006.02.08 23:06:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\nvshell.dll [2006.02.08 23:06:00 | 000,442,368 | ---- | C] () -- C:\Windows\System32\nvappbar.exe [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56spn.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56itl.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56ger.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56fra.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56eng.dll [2005.05.26 17:12:26 | 000,065,536 | ---- | C] () -- C:\Windows\sm56brz.dll [2005.05.26 17:12:26 | 000,049,152 | ---- | C] () -- C:\Windows\sm56jpn.dll [2005.05.26 17:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56cht.dll [2005.05.26 17:12:26 | 000,045,056 | ---- | C] () -- C:\Windows\sm56chs.dll [2000.03.03 21:16:52 | 000,007,424 | R--- | C] () -- C:\Windows\System32\drivers\MMIOPORT.SYS ========== LOP Check ========== [2010.04.10 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\AnvSoft [2010.04.25 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Any Video Converter [2010.03.20 17:49:12 | 000,000,000 | ---D | M] 
-- C:\Users\Alexander\AppData\Roaming\Ashampoo [2010.03.20 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Record Edit Toolbox [2010.03.20 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Recorder for Free [2010.01.09 22:20:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\avidemux [2009.11.28 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Blitware [2011.08.16 21:23:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Canon [2010.12.01 07:48:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoft [2011.03.29 07:10:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.25 21:30:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Engelmann Media [2010.03.05 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Flatcast [2010.01.15 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\HandBrake [2011.09.07 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ICQ [2010.04.29 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\kikin [2009.12.27 01:06:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\LG Electronics [2011.06.14 13:23:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MagicMaps [2010.03.31 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SharePod [2010.06.09 21:38:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SparweltGutschein [2010.07.15 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TomTom [2010.09.27 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TubeBox [2010.05.31 18:28:50 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WeBrandes [2010.03.31 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Youtube Downloader HD 
[2011.07.17 06:36:36 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2011.08.19 15:14:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.05.04 14:25:01 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Adobe [2010.04.10 20:13:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\AnvSoft [2010.04.25 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Any Video Converter [2010.06.23 18:56:35 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Apple Computer [2009.11.29 12:19:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ArcSoft [2010.03.20 17:49:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Ashampoo [2010.03.20 12:27:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Record Edit Toolbox [2010.03.20 12:23:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Audio Recorder for Free [2010.01.09 22:20:43 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\avidemux [2010.11.15 18:06:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Avira [2009.11.28 19:06:45 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Blitware [2011.08.16 21:23:24 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Canon [2010.05.04 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DivX [2010.01.16 19:59:16 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\dvdcss [2010.12.01 07:48:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoft [2011.03.29 07:10:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers [2010.04.25 21:30:54 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Engelmann 
Media [2010.03.05 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Flatcast [2009.11.27 16:29:29 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Google [2010.01.15 21:23:19 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\HandBrake [2011.09.07 21:46:17 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\ICQ [2009.11.26 15:14:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Identities [2009.12.27 01:04:07 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\InstallShield [2010.08.25 22:35:33 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\InstallShield Installation Information [2010.04.29 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\kikin [2009.12.27 01:06:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\LG Electronics [2009.11.27 16:48:11 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Macromedia [2011.06.14 13:23:57 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\MagicMaps [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Media Center Programs [2010.05.30 21:18:39 | 000,000,000 | --SD | M] -- C:\Users\Alexander\AppData\Roaming\Microsoft [2010.07.06 12:18:40 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Mozilla [2009.11.30 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Nero [2010.03.31 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SharePod [2010.06.09 21:38:44 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\SparweltGutschein [2010.01.25 11:45:22 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Sun [2010.07.15 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TomTom [2010.09.27 17:05:06 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\TubeBox [2010.05.31 18:28:50 | 000,000,000 | ---D | M] -- 
C:\Users\Alexander\AppData\Roaming\WeBrandes [2010.02.18 16:12:08 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\WinRAR [2010.03.31 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\Youtube Downloader HD < %APPDATA%\*.exe /s > [2011.09.18 17:37:06 | 000,207,872 | ---- | M] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe [2009.11.28 19:07:33 | 005,393,552 | ---- | M] (Blitware Technology Inc. ) -- C:\Users\Alexander\AppData\Roaming\Blitware\DriverRobot\updates\1.2.0.3\DriverRobot_Setup.exe [2008.03.05 12:32:14 | 000,372,736 | ---- | M] (Macrovision Corporation) -- C:\Users\Alexander\AppData\Roaming\InstallShield Installation Information\{D6F241BA-6CAC-4973-B510-A3B60DF56F76}\setup.exe [2010.05.30 21:18:39 | 000,005,550 | R--- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{5943B7F7-678B-477E-9AEE-6E4C6962322B}\_6FEFF9B68218417F98F549.exe < %SYSTEMDRIVE%\*.exe > [2008.09.20 02:03:45 | 003,011,888 | R--- | M] (Adobe Systems, Copyright 2005-2008) -- C:\Setup.exe < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] 
(NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD < End of report > |
20.09.2011, 13:49 | #6
/// Winkelfunktion /// TB-Süch-Tiger™ | Re: Bundespolizei-Ukash
Run an OTL fix: close all programs that may still be open, deactivate the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
[2011.08.19 20:25:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.15 18:36:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 19:45:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.30 18:03:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.11.30 21:08:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Automated Content Enhancer) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - File not found
O2 - BHO: (Ecosia Class) - {2273A9F3-9D90-47e6-8706-DA7AE77B1552} - C:\Programme\Ecosia\ecosia.dll ()
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O2 - BHO: (Customized Platform Advancer) - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (Web Search Operator) - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - File not found
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O4 - HKCU..\Run: [avupdate] C:\Users\Alexander\AppData\Roaming\jashla.exe (Jason Rattle)
O4 - HKCU..\Run: [ICQ] File not found
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell - "" = AutoRun
O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2011.09.18 17:37:06 | 000,207,872 | ---- | C] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe
[2011.09.15 14:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUBICon
[2011.09.18 17:37:08 | 000,000,008 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat
[2011.09.18 17:37:06 | 000,207,872 | ---- | M] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
:Commands
[emptytemp]
[resethosts]

The logfile should open once you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
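The fix script above is built from a handful of OTL entry types that point at persistence and lock-out mechanisms: an O4 Run entry launching an executable from the user's profile, an O31 SafeBoot AlternateShell change (which is why the lock screen also appears in Safe Mode), an O33 MountPoints2 AutoRun command on a removable drive, freshly created files directly under AppData\Roaming, and an alternate data stream. The following triage helper is an added example written for this page; it is not code from the forum thread and not part of OTL. It parses OTL-style lines with regular expressions and assigns a severity per entry. The rule set, the severity labels and the names `Finding`, `triage_line`, `triage` and `summarize` are the example's own assumptions; the sample input is copied from the fix script above.

```python
"""Triage OTL-style scan/fix-script lines for persistence indicators.

Added example (not from the forum thread or from OTL). Severity rules and
names are assumptions chosen for illustration; adjust them to your environment.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the OTL fix script posted above.
SAMPLE_OTL = r"""
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin2.dll (Conduit Ltd.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O4 - HKCU..\Run: [avupdate] C:\Users\Alexander\AppData\Roaming\jashla.exe (Jason Rattle)
O4 - HKCU..\Run: [ICQ] File not found
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2011.09.18 17:37:06 | 000,207,872 | ---- | C] (Jason Rattle) -- C:\Users\Alexander\AppData\Roaming\jashla.exe
[2011.09.18 17:37:08 | 000,000,008 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed scale)
    reason: str
    line: str


# An .exe launched from a per-user profile directory (Windows paths are case-insensitive).
PROFILE_EXE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\[^\\]+\.exe\b", re.I)
# O4 autostart entries: "O4 - <hive>..\Run: [name] <target>"
O4_RE = re.compile(r"^O4 - .*\\Run: \[[^\]]*\] (?P<target>.+)$")
# O31: any change to the SafeBoot alternate shell
O31_RE = re.compile(r"^O31 - SafeBoot:")
# O33: AutoRun command registered for a mount point
O33_RE = re.compile(r'^O33 - .*\\Shell\\AutoRun\\command - "" = (?P<target>.+)$')
# File entries: "[date time | size | attrs | C/M] (vendor) -- path"
FILE_RE = re.compile(
    r"^\[[\d.]+ [\d:]+ \| [\d,]+ \| [-\w]{4} \| [CM]\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
ROAMING_DAT_RE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.dat$", re.I)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL entry; returns None for entries the rules do not flag."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        target = m.group("target")
        if "File not found" in target:
            return Finding("low", "orphaned Run entry (target missing)", line)
        if PROFILE_EXE_RE.search(target):
            return Finding("high", "autostart runs an executable from a user profile directory", line)
        return None
    if O31_RE.match(line):
        return Finding("high", "SafeBoot alternate shell modified (lock screen persists in Safe Mode)", line)
    m = O33_RE.match(line)
    if m:
        return Finding("medium", f"AutoRun command registered for a mounted volume: {m.group('target')}", line)
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        if PROFILE_EXE_RE.search(path):
            return Finding("high", f"recent executable in user profile (vendor string: '{m.group('vendor')}')", line)
        if ROAMING_DAT_RE.search(path):
            return Finding("medium", "recent data file directly under AppData\\Roaming", line)
        return None
    m = ADS_RE.match(line)
    if m:
        return Finding("medium", f"alternate data stream of {m.group('size')} bytes; inspect contents", line)
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over every non-empty line of an OTL log or fix script."""
    return [f for f in (triage_line(l) for l in text.splitlines() if l.strip()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(results))
```

The point of the severity split is the same one the helper's script makes implicitly: browser toolbars and BHOs are clutter, but the O4/O31/O33 entries and the unsigned executable in AppData\Roaming are what keep the lock screen coming back, so they are what a reviewer checks first.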
20.09.2011, 13:59 | #7 |
Re: Bundespolizei-Ukash

Thanks a lot, so far everything works great.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Programme\Winload\prxtbWin2.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\8c6qhwfb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\9qi5rydk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ deleted successfully.
C:\Programme\AutocompletePro\AutocompletePro.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2273A9F3-9D90-47e6-8706-DA7AE77B1552}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2273A9F3-9D90-47e6-8706-DA7AE77B1552}\ deleted successfully.
C:\Programme\Ecosia\ecosia.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
C:\Programme\kikin\ie_kikin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8F48FC8-3CA1-42B9-8609-F75D7C8B4493}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Programme\Winload\prxtbWin2.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\avupdate deleted successfully.
C:\Users\Alexander\AppData\Roaming\jashla.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321f43fd-0866-11df-a468-0017310a68b2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{321f43fd-0866-11df-a468-0017310a68b2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{321f43fd-0866-11df-a468-0017310a68b2}\ not found.
File F:\USBAutoRun.exe not found.
File C:\Users\Alexander\AppData\Roaming\jashla.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RUBICon folder moved successfully.
C:\Users\Alexander\AppData\Roaming\zdz4priy065rmqh5.dat moved successfully.
File C:\Users\Alexander\AppData\Roaming\jashla.exe not found.
ADS C:\ProgramData\TEMP:30FD0CBD deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Alexander
->Temp folder emptied: 79 bytes
->Temporary Internet Files folder emptied: 100533 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1048576 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.7 log created on 09202011_145153
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
20.09.2011, 14:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Re: Bundespolizei-Ukash Does Windows start normally again? Without BKA?
__________________ Please always post logfiles in CODE tags
20.09.2011, 14:21 | #9 |
Re: Bundespolizei-Ukash Yep, Windows starts normally. I'm running Malwarebytes now just to be safe. Thanks, you're the best.
20.09.2011, 14:34 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Re: Bundespolizei-Ukash Yep, but please run a full scan with up-to-date signatures!