Werde auf falsche Google-Ergebnisse geführt

k.karl · 11.12.2011, 10:28

Hallo Lieber Helfer,

mein Problem ist, so wie ich es auf diesem Board gelesen habe, bereits bekannt!

Ich habe gester von meinem Virenschutzprogramm (Avira Premium 2012) mehrere Hinweise bekommen, dass sich Trojaner bzw. Malware auf meinem Rechner befindet!

Habe einen Scan laufen lasen und die "Schädlinge" löschen lassen! Ein neuer Scan hat keine weiteren Schädlinge gefunden!

Dann ist mir das im Betreff genannte Problem aufgefallen!
Wenn ich ein Suchergebnis im Google anklicke komme ich fast immer zuerst zu irgendeiner Werbeseite, eine Seite die nichts mit dem Suchbegriffe bzw. mit der im Suchergebniss angeführten Seite zu tun hat!

******************************************

OTL.txt
OTL logfile created on: 11.12.2011 01:15:07 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 64,37% Memory free
7,60 Gb Paging File | 5,89 Gb Available in Paging File | 77,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276,94 Gb Total Space | 173,19 Gb Free Space | 62,54% Space Free | Partition Type: NTFS
Drive D: | 20,86 Gb Total Space | 3,04 Gb Free Space | 14,55% Space Free | Partition Type: NTFS
Drive E: | 346,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 465,65 Gb Total Space | 402,68 Gb Free Space | 86,48% Space Free | Partition Type: FAT32
Drive H: | 99,34 Mb Total Space | 88,70 Mb Free Space | 89,29% Space Free | Partition Type: FAT32

Computer Name: ***-HP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.10 17:50:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.12.10 09:34:01 | 000,192,512 | ---- | M] () -- C:\Users\***\AppData\Roaming\DC665\lvvm.exe
PRC - [2011.12.10 09:07:59 | 000,176,128 | ---- | M] () -- C:\Users\***\AppData\Roaming\525DC\E645E.exe
PRC - [2011.12.10 09:07:36 | 000,291,840 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\5EA5\897.exe
PRC - [2011.12.08 13:25:41 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.11.17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\***\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.26 19:48:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.10.11 14:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.10.11 14:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.29 15:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.09.01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.06.24 21:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2010.05.01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe

========== Modules (No Company Name) ==========

MOD - [2011.12.10 09:34:01 | 000,192,512 | ---- | M] () -- C:\Users\***\AppData\Roaming\DC665\lvvm.exe
MOD - [2011.12.10 09:07:59 | 000,176,128 | ---- | M] () -- C:\Users\***\AppData\Roaming\525DC\E645E.exe
MOD - [2011.12.10 09:07:36 | 000,291,840 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\5EA5\897.exe
MOD - [2011.11.02 20:39:27 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2011.10.14 18:41:49 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\1690c0d482ffd8105fc6e573a1d84ed8\System.Management.ni.dll
MOD - [2011.10.14 18:40:31 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\afb98d0ba0006a3dece48623712f61b1\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 18:40:24 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\bf5ca252df4083e6c48dc3e9f3273cf5\System.Xaml.ni.dll
MOD - [2011.10.13 20:14:40 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9565982f271da74fd952906f9b6a88c9\PresentationFramework.ni.dll
MOD - [2011.10.13 20:14:26 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d08e6e917f08ef674373576016969a20\System.Windows.Forms.ni.dll
MOD - [2011.10.13 20:14:26 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\0d5d26ed41c8fa0c7feb00ef5343299a\PresentationCore.ni.dll
MOD - [2011.10.13 20:14:17 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\acf4f694ab9c0b1802e83e5cd726812f\System.Core.ni.dll
MOD - [2011.10.13 20:14:12 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1924bdaf130f882ceaf9d7b880602d22\System.Xml.ni.dll
MOD - [2011.10.13 20:14:12 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a4a330e92cbd3457b3f00ae367a4bc5f\WindowsBase.ni.dll
MOD - [2011.10.13 20:14:12 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2807b771372137d41fb8d392a878d0c7\System.Drawing.ni.dll
MOD - [2011.10.13 20:14:09 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b680bfc9e268e756f86980bb47b7d330\PresentationFramework.Aero.ni.dll
MOD - [2011.10.13 20:14:07 | 009,086,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f477a17590634925c583632d171e2726\System.ni.dll
MOD - [2011.10.13 20:14:01 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2011.09.29 15:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.05.13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011.04.04 13:18:33 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.06.22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2011.12.08 13:25:41 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.11.18 08:54:18 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011.10.11 14:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.10.11 14:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.01 17:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.06.29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.06.18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.06.01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.05.01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.04.04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.12.08 13:25:43 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:06:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.11 14:06:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.02 23:41:24 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.02 23:41:24 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.06.02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.05.13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.07 11:14:44 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.01.07 11:14:44 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010.12.21 06:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010.12.21 06:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.12.17 01:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.06.24 21:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.06.22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.05.01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010.04.13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.05 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.11 23:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.10.26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54606

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: TabSidebar@blueprintit.co.uk:2.5
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54606
FF - prefs.js..network.proxy.type: 1

FF - user.js..browser.search.openintab: true

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 17:36:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.07 17:25:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.12 18:16:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.11.21 11:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.31 16:21:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.06.18 13:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2011.11.21 11:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2011.11.26 18:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l3x2e4p1.default\extensions
[2011.11.06 10:17:11 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l3x2e4p1.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.01.01 13:37:23 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l3x2e4p1.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.01.09 17:11:03 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l3x2e4p1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.01 13:37:23 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l3x2e4p1.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}(2)
[2011.01.01 13:37:20 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l3x2e4p1.default\extensions\nasanightlaunch@example(2).com
[2011.01.01 13:37:20 | 000,000,000 | ---D | M] (NASA Night Launch) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l3x2e4p1.default\extensions\nasanightlaunch@example(3).com
[2011.06.18 15:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Sunbird\Profiles\savweovj.default\extensions
[2011.11.10 17:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L3X2E4P1.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L3X2E4P1.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L3X2E4P1.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.11.10 17:36:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.10.02 19:14:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 19:14:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 19:14:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 19:14:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 19:14:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 19:14:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [897.exe] C:\Program Files (x86)\LP\5EA5\897.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [38C.exe] C:\Users\***\AppData\Roaming\Microsoft\FC55\38C.exe File not found
O4 - HKCU..\Run: [897.exe] C:\Users\***\AppData\Roaming\Microsoft\5EA5\897.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\***\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HotSwap! Applet] C:\Users\***\Downloads\HotSwap_5.0.0.0\64bit\HotSwap!.EXE (Kazuyuki Nakayama)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
F3:64bit: - HKCU WinNT: Load - (C:\Users\***\AppData\Roaming\DC665\lvvm.exe) - C:\Users\***\AppData\Roaming\DC665\lvvm.exe ()
F3 - HKCU WinNT: Load - (C:\Users\***\AppData\Roaming\DC665\lvvm.exe) -C:\Users\***\AppData\Roaming\DC665\lvvm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36024C91-CE78-462B-9429-3F9D816CB2F9}: DhcpNameServer = 213.153.32.129 213.153.32.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\525DC\E645E.exe) -C:\Users\***\AppData\Roaming\525DC\E645E.exe ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKLM ShellExecuteHooks: UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.06.08 18:39:22 | 006,475,776 | R--- | M] (FIRAXIS Games, Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005.06.08 18:39:23 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0d1c56a0-1a47-11e0-bc06-5cac4c6de85e}\Shell - "" = AutoRun
O33 - MountPoints2\{0d1c56a0-1a47-11e0-bc06-5cac4c6de85e}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{9abfdb07-1476-11e0-9ef1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9abfdb07-1476-11e0-9ef1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2005.06.08 18:39:22 | 006,475,776 | R--- | M] (FIRAXIS Games, Inc.)
O33 - MountPoints2\{b4648bd7-1a46-11e0-970a-5cac4c6de85e}\Shell - "" = AutoRun
O33 - MountPoints2\{b4648bd7-1a46-11e0-970a-5cac4c6de85e}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HotSwap! Applet - hkey= - key= - C:\Users\***\Downloads\HotSwap_5.0.0.0\64bit\HotSwap!.EXE (Kazuyuki Nakayama)
MsConfig:64bit - StartUpReg: HP Quick Launch - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: HPAdvisorDock - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: NBAgent - hkey= - key= - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig:64bit - StartUpReg: Nikon Transfer Monitor - hkey= - key= - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SmartMenu - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.10 17:50:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.10 17:49:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.10 17:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.10 17:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.10 17:47:17 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.10 17:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.10 10:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011.12.10 09:08:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DC665
[2011.12.10 09:07:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\525DC
[2011.12.09 22:43:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2011.12.09 22:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2011.12.07 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2011.12.07 17:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2011.12.07 17:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2011.12.07 17:25:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Winamp
[2011.12.07 16:12:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Acomba_UG_(haftungsbeschr
[2011.12.07 16:11:43 | 000,000,000 | R--D | C] -- C:\Users\***\Dropbox
[2011.12.07 16:07:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.11.27 13:35:28 | 000,163,840 | ---- | C] (MicroDexterity, Inc.) -- C:\Windows\SysWow64\Stamin32.Dll
[2011.11.27 13:35:28 | 000,096,256 | ---- | C] (ITB CompuPhase) -- C:\Windows\SysWow64\Eplay32.dll
[2011.11.27 13:35:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ports Of Call
[2011.11.27 13:35:27 | 000,667,136 | ---- | C] (OLYMPUS Software Europe GmbH) -- C:\Windows\SysWow64\oik32.ocx
[2011.11.27 13:35:27 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\vsflex7L.ocx
[2011.11.27 13:35:27 | 000,112,776 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\Windows\SysWow64\mcast50.ocx
[2011.11.27 13:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\poc
[2011.11.23 23:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ages
[2011.11.21 11:44:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Prism
[2011.11.21 11:44:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\prism
[2011.11.21 11:43:23 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011.11.17 14:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.14 22:30:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.11.14 22:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.11.14 22:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2011.11.12 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games
[2011.11.12 21:58:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\My Games
[2011.11.12 21:58:11 | 000,108,144 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2011.11.12 21:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2011.11.12 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2011.11.12 21:51:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.11 01:19:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 01:19:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 01:17:03 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.11 01:17:03 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.11 01:17:03 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.11 01:17:03 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.11 01:17:03 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.11 01:11:25 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.11 01:11:21 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2011.12.11 01:11:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.11 01:11:13 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.11 01:09:52 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.12.11 01:04:56 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.11 01:04:55 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000Core.job
[2011.12.11 01:04:54 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000UA.job
[2011.12.10 18:01:54 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.10 17:50:05 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.10 17:47:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.10 10:37:04 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.12.10 10:36:09 | 000,291,840 | ---- | M] () -- C:\Users\***\AppData\Roaming\firefox.exe
[2011.12.08 13:25:43 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.11.27 13:35:28 | 000,001,087 | ---- | M] () -- C:\Users\***\Desktop\Ports Of Call XXL.lnk
[2011.11.23 23:23:45 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Ages!.lnk
[2011.11.17 14:46:23 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.14 22:30:05 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2011.11.14 22:26:07 | 000,007,615 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.11.13 16:21:15 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.11.12 23:46:14 | 000,108,144 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2011.11.12 21:59:56 | 000,002,365 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Railroads! starten.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.11 01:09:52 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.12.10 18:01:51 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.10 17:47:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.10 10:36:22 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.12.10 09:55:49 | 000,291,840 | ---- | C] () -- C:\Users\***\AppData\Roaming\firefox.exe
[2011.11.27 13:35:28 | 000,001,087 | ---- | C] () -- C:\Users\***\Desktop\Ports Of Call XXL.lnk
[2011.11.23 23:23:45 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ages!.lnk
[2011.11.23 23:23:45 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Ages!.lnk
[2011.11.23 23:17:30 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ages.lnk
[2011.11.17 14:46:23 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.14 22:30:05 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2011.11.14 22:26:07 | 000,007,615 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.11.14 21:19:03 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000UA.job
[2011.11.14 21:19:02 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4138529036-2260153085-4193991026-1000Core.job
[2011.11.12 21:53:53 | 000,002,365 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Railroads! starten.lnk
[2011.10.26 20:51:24 | 000,009,216 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.02 21:49:20 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.10.02 21:49:20 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.17 21:15:07 | 000,006,902 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.2
[2011.03.27 10:06:23 | 000,001,854 | ---- | C] () -- C:\Users\***\AppData\Roaming\GhostObjGAFix.xml
[2011.02.05 15:07:07 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applications
[2011.02.05 15:07:07 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Animals
[2011.02.05 15:07:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010.12.17 01:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.08.19 00:47:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.08.19 00:41:06 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010.08.19 00:39:28 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.08.19 00:39:28 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.08.19 00:39:28 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.08.19 00:39:27 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.19 00:39:27 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.08.19 00:39:26 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.19 00:39:13 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.08.19 00:39:13 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.08.19 00:36:22 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.07.21 12:47:53 | 000,000,202 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010.07.21 11:55:58 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010.02.09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe

========== LOP Check ==========

[2011.05.17 18:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv
[2011.01.07 14:13:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3DataManager
[2011.12.10 09:07:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\525DC
[2011.04.02 00:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2011.10.03 13:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2011.12.10 09:34:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DC665
[2011.12.08 07:25:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.01.09 17:11:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.30 20:30:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.01.07 20:59:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FloodLightGames
[2011.09.12 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.01.23 22:01:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.11.06 10:18:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Navigram
[2011.02.06 14:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2011.12.07 17:25:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.11.21 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\prism
[2011.01.07 11:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Program Files (x86)
[2011.04.15 08:33:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RegistryKeys
[2011.10.24 20:26:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.02.15 19:34:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.01.01 19:11:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.01.03 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2011.10.22 18:12:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XBMC
[2011.01.01 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs
[2011.12.10 10:37:04 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011.09.15 18:11:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.12.31 11:53:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.21 23:06:36 | 000,000,000 | -HSD | M] -- C:\boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.31 11:49:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.16 16:57:24 | 000,000,000 | R--D | M] -- C:\Eigene Dateien
[2010.08.19 01:10:02 | 000,000,000 | -H-D | M] -- C:\HP
[2010.12.31 15:40:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.03 13:53:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.10 17:47:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.10 17:47:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.12.31 11:49:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.12.31 11:50:07 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.26 15:08:06 | 000,000,000 | ---D | M] -- C:\SwSetup
[2011.12.11 01:17:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.12.31 11:50:11 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011.06.18 22:27:14 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.31 11:49:36 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.21 11:43:23 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >
[2007.03.12 18:59:00 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\navigram_register.exe

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: AFD.SYS >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.07.21 18:47:05 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.07.21 18:40:06 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.07.21 18:47:05 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.07.21 18:40:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.07.21 18:47:05 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.07.21 18:40:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.07.21 18:47:05 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.07.21 18:40:06 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.07.21 18:47:05 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.07.21 18:47:05 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.07.21 18:47:05 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
*********************************************

Bitte um Euere Hilfe!

Danke!

Chris4You · 11.12.2011, 12:15

Hi,

Deine Freunde von der anderen Fraktion sind noch da...

Moment...

Here we go...

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen! (nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code:

ATTFilter

C:\Users\***\AppData\Roaming\525DC\E645E.exe
C:\Users\***\AppData\Roaming\Microsoft\5EA5\897.exe
C:\Users\***\AppData\Roaming\DC665\lvvm.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

TDSS-Killer
Download und Anweisung unter: http://www.trojaner-board.de/82358-t...tml#post640150
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Für mich:
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\525DC\E645E.exe) -C:\Users\***\AppData\Roaming\525DC\E645E.exe ()
[2011.12.10 10:36:22 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\At1.job

chris

k.karl · 11.12.2011, 12:49

E645E.exe

MD5 : f0417903c74f574e622b55e7367ab531
SHA1 : 5d7f2f908f3ffd49de1326743596f365dce71208
SHA256: 4a4df2c7b8452909981675ec810f0342a093cbd7fd57071c07b344a5355533a3
ssdeep: 3072:CwknYNLSu57kCDqmm+spbFlgvUzHw7BpQ82+NdwMFDCXnB9xWE+MVAtSzOu9:CwCiLSu0m
TstFGUzQjQ82+7wMAXnB9en
File size : 176128 bytes
First seen: 2011-12-10 10:19:40
Last seen : 2011-12-11 11:16:42
TrID:
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3BF0
timedatestamp....: 0x434AE6FA (Mon Oct 10 22:11:06 2005)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x78B4B, 0x15C00, 7.06, cb81acc44e2dc8ab2146b3d3ec2e5759
.rdata, 0x7A000, 0x580, 0x600, 5.44, be0d3ef50f72fe4ca217f4da0832b9a8
.data, 0x7B000, 0x14531, 0x14600, 7.95, 49268a20414ecb89b4cdbd11f96aaf9e
.rsrc, 0x90000, 0x1000, 0x400, 1.34, 22bb1ed262be153411c42c699d2a4e6c

[[ 4 import(s) ]]
SHELL32.dll: ShellExecuteA, Shell_NotifyIconA
RPCRT4: UuidCreate
KERNEL32.dll: GetSystemInfo, CopyFileW, GetSystemDirectoryW, FindFirstFileW, GlobalFindAtomW, CreateMutexW, ExpandEnvironmentStringsW, ReleaseMutex, LoadLibraryW, GetPrivateProfileStringW, GetProcessHeap, LocalFree, lstrcmpiW, GetCurrentProcessId, EnumResourceLanguagesA, HeapAlloc, GetPrivateProfileIntW, FreeLibrary, lstrlenA, GetCurrentDirectoryW, SetFileAttributesW, GetModuleHandleA, WaitForSingleObject, GetPrivateProfileIntW, WritePrivateProfileStringW, FindNextFileW, HeapFree, GetWindowsDirectoryA, GetModuleHandleW, LoadLibraryExA, FindClose, LoadLibraryExW, GetCurrentProcess
SHLWAPI.dll: GetAcceptLanguagesA, PathRemoveFileSpecW, PathIsRelativeW, PathAppendW, UrlUnescapeW, PathFindExtensionW, UrlCreateFromPathW, StrCmpIW, PathCreateFromUrlW, PathCombineW
ExifTool:
file metadata
CodeSize: 89088
EntryPoint: 0x3bf0
FileSize: 172 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 86016
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2005:10:11 00:11:06+02:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight
**************************************

897.exe

MD5 : d08d38f7c1f0b8274d2df4d6005c9cd7
SHA1 : 976f3b6b6fef5fdd82cbc9c10c743b310196000d
SHA256: ca08ebe87319833c7ea87b1618c7e6c11a8c701b0f14256d618c116ee83d90a7
ssdeep: 6144:q31JYTtoMLh+3p26R+7O1ysus4rGLZDPb9fU2Zum:2wcp2WuvyZDPxfU2ZZ
File size : 291840 bytes
First seen: 2011-12-09 20:06:01
Last seen : 2011-12-11 11:24:30
TrID:
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x45F0
timedatestamp....: 0x434A7B65 (Mon Oct 10 14:32:05 2005)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x43F2B, 0x23000, 7.08, fe8e5b7cfad36819162d88752933a23f
.rdata, 0x45000, 0x580, 0x600, 5.41, d7cfa3a3d5aaca36ed3508196d0fca97
.data, 0x46000, 0x2350D, 0x23600, 7.95, cce39c3c4c611f69a1e9930ad6285b27
.rsrc, 0x6A000, 0x1000, 0x400, 1.36, b2632f72a8ae62e9a867fd0eb01f45ba

[[ 4 import(s) ]]
SHELL32.dll: ShellExecuteA, Shell_NotifyIconA
RPCRT4: UuidCreate
KERNEL32.dll: WaitForSingleObject, GetCurrentProcessId, GetModuleHandleA, GlobalFindAtomW, FindNextFileW, GetPrivateProfileIntW, ExpandEnvironmentStringsW, LoadLibraryExA, GetProcessHeap, FreeLibrary, CopyFileW, GetWindowsDirectoryA, LoadLibraryExW, GetCurrentDirectoryW, EnumResourceLanguagesA, GetPrivateProfileStringW, LoadLibraryW, HeapFree, LocalFree, GetSystemDirectoryW, lstrlenA, WritePrivateProfileStringW, lstrcmpiW, HeapAlloc, GetPrivateProfileIntW, FindClose, GetSystemInfo, FindFirstFileW, GetModuleHandleW, SetFileAttributesW, ReleaseMutex, CreateMutexW, GetCurrentProcess
SHLWAPI.dll: GetAcceptLanguagesA, UrlCreateFromPathW, PathIsRelativeW, PathAppendW, PathFindExtensionW, UrlUnescapeW, StrCmpIW, PathRemoveFileSpecW, PathCreateFromUrlW, PathCombineW
ExifTool:
file metadata
CodeSize: 143360
EntryPoint: 0x45f0
FileSize: 285 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 147456
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2005:10:10 16:32:05+02:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight
***************************************

lvvm.exe

MD5 : 87e38a1119463eaeb2cfe01a37990391
SHA1 : 13a6cb740d6ed3f2f623b0c36fd8ed46af3d1bcd
SHA256: 66cea0879b0748b7e5ab9794743bd3a5a77befa38167b1ed7ffe71510946012b
ssdeep: 3072:y/59Bv2rEJQ1ylz/POFgqJheF46qL3Z3f//OoupzQfl8i9j:y/dvGe0xnem6GZfexpM+u
File size : 192512 bytes
First seen: 2011-12-09 22:37:20
Last seen : 2011-12-11 11:39:04
TrID:
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3D50
timedatestamp....: 0x437DD906 (Fri Nov 18 13:37:10 2005)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3A899, 0x17A00, 7.05, aee81c88cb7cc46ac1a12ed83fd21c68
.rdata, 0x3C000, 0x580, 0x600, 5.45, 88080f3adcb89ccbd99eeb4c6afb2dcd
.data, 0x3D000, 0x1663C, 0x16800, 7.94, e2082d16dcffc6b5e4b187739b62f8ea
.rsrc, 0x54000, 0x1000, 0x400, 1.36, 39d8b5b8ebcf451f7bd0824908e0b326

[[ 4 import(s) ]]
SHELL32.dll: ShellExecuteA, Shell_NotifyIconA
KERNEL32.dll: FindFirstFileW, GetCurrentProcessId, lstrcmpiW, CopyFileW, GlobalFindAtomW, WaitForSingleObject, GetPrivateProfileStringW, GetCurrentDirectoryW, HeapAlloc, LocalFree, FreeLibrary, GetModuleHandleW, GetSystemDirectoryW, LoadLibraryExA, WritePrivateProfileStringW, EnumResourceLanguagesA, SetFileAttributesW, CreateMutexW, GetWindowsDirectoryA, LoadLibraryW, GetProcessHeap, FindClose, GetPrivateProfileIntW, HeapFree, GetPrivateProfileIntW, LoadLibraryExW, ReleaseMutex, lstrlenA, ExpandEnvironmentStringsW, GetModuleHandleA, FindNextFileW, GetSystemInfo, GetCurrentProcess
SHLWAPI.dll: GetAcceptLanguagesA, PathFindExtensionW, UrlCreateFromPathW, PathRemoveFileSpecW, UrlUnescapeW, PathCreateFromUrlW, PathIsRelativeW, PathAppendW, StrCmpIW, PathCombineW
RPCRT4: UuidCreate
ExifTool:
file metadata
CodeSize: 96768
EntryPoint: 0x3d50
FileSize: 188 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 94720
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2005:11:18 14:37:10+01:00
UninitializedDataSize: 0
Symantec reputation:Suspicious.Insight

k.karl · 11.12.2011, 16:18

MAM-Log

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.12.2011 16:16:42
mbam-log-2011-12-11 (16-16-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 435503
Laufzeit: 1 Stunde(n), 24 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\Users\***\AppData\Roaming\525DC\E645E.exe (Trojan.Dropper) -> 1700 -> No action taken.
c:\Users\***\AppData\Roaming\DC665\lvvm.exe (Trojan.Dropper) -> 3256 -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\5EA5\897.exe (Trojan.Dropper) -> 3704 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\897.exe (Trojan.Dropper) -> Value: 897.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\897.exe (Trojan.Dropper) -> Value: 897.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38C.exe (Backdoor.CycBot.Gen) -> Value: 38C.exe -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Dropper) -> Bad: (C:\Users\***\AppData\Roaming\DC665\lvvm.exe) Good: () -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Roaming\525DC\E645E.exe (Trojan.Dropper) -> No action taken.
c:\Users\***\AppData\Roaming\DC665\lvvm.exe (Trojan.Dropper) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\5EA5\897.exe (Trojan.Dropper) -> No action taken.
c:\program files (x86)\LP\5EA5\897.exe (Trojan.Dropper) -> No action taken.
c:\program files (x86)\Adobe\adobe photoshop cs5\keygen.exe (Malware.Packer.Gen) -> No action taken.
c:\Users\***\AppData\Local\Temp\~!#5502.tmp (Trojan.Dropper) -> No action taken.
c:\Users\***\AppData\Roaming\firefox.exe (Trojan.Dropper) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\5EA5\EF8D.tmp (Trojan.Dropper) -> No action taken.

k.karl · 11.12.2011, 16:30

OLG.txt
Extras.txt

k.karl · 11.12.2011, 16:54

TDSS-Killer hat nichts gefunden!

k.karl · 11.12.2011, 17:41

Hallo,

Habe jetzt ein problem!
Nachdem ich festgestellt hatte, dass ich den falschen MAM-log hochgeladen habe (habe die Lösch-aktion noch nicht durchgeführt gehabt), und ich denn scanvorgang mit dem befehl die gefundenen objekte zu löschen beendet hatte, kam erst die meldung dass nicht alle dateien gelöscht wurden und seit dem kann ich nicht mehr auf das internet zugreifen!

Jetz schreib ich von meinem handy aus und bitte um hilfe bezüglich weiterer vorgehensweise!!!

k.karl · 11.12.2011, 18:07

ok, es wurden "nur" die Proxyeinstellungen verändert!

hier der richtige MAM-Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.12.2011 17:25:36
mbam-log-2011-12-11 (17-25-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 435503
Laufzeit: 1 Stunde(n), 24 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
c:\Users\***\AppData\Roaming\525DC\E645E.exe (Trojan.Dropper) -> 1700 -> Unloaded process successfully.
c:\Users\***\AppData\Roaming\DC665\lvvm.exe (Trojan.Dropper) -> 3256 -> Unloaded process successfully.
c:\Users\***\AppData\Roaming\microsoft\5EA5\897.exe (Trojan.Dropper) -> 3704 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\897.exe (Trojan.Dropper) -> Value: 897.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\897.exe (Trojan.Dropper) -> Value: 897.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38C.exe (Backdoor.CycBot.Gen) -> Value: 38C.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Dropper) -> Bad: (C:\Users\***\AppData\Roaming\DC665\lvvm.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Roaming\525DC\E645E.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\DC665\lvvm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\5EA5\897.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files (x86)\LP\5EA5\897.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\program files (x86)\Adobe\adobe photoshop cs5\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Local\Temp\~!#5502.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\firefox.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\5EA5\EF8D.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

Chris4You · 11.12.2011, 19:42

Hi,

heil an säckle, wieso holt Ihr Euch das Zeug immer selber auf den Rechner...
c:\program files (x86)\Adobe\adobe photoshop cs5\keygen.exe (Malware.Packer.Gen)
Damit ist an dieser Stelle Schluß, so sind die Boardregeln...

Chris&out

k.karl · 11.12.2011, 19:58

Hallo,

das ist natürlich heftig! Zumal ich den Rechner bekommen habe, und das Programm nicht selber installiert habe!

Merkwürdig ist für mich, dass ich den Rechner schon länger habe und damit auch das Programm, das Problem mit der Malware/trojaner habe ich erst seit gestern!

Könnt Ihr mir auf Grund der "besonderen Umstände" dennoch helfen?

Bitte!

Werde auf falsche Google-Ergebnisse geführt

Plagegeister aller Art und deren Bekämpfung: Werde auf falsche Google-Ergebnisse geführt