Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: exploit.drop.gs

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.10.2012, 11:09   #1
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



Hallo,

o.g. exploit wird von Malwarebytes ständig gefunden, kann aber nicht von mwb gelöscht werden.
Es soll sich hier befinden :
c\users\dirk\appdata\local\temp\soap0_wsdl.exe
ich finde aber unter diesem pfad nichts in meinem tempordner

Außerdem läuft mein PC scheinbar normal, sprich nichts ist gesperrt bzw. ich habe auch keine Zahlungsaufforderungen bekommen.

Ich habe auch noch mit antivir, spybot-search&destroy und spyware terminator gescant, die finden alle nichts und behaupten mein system sei viren- und malwarefrei.

Desweiteren war ich im englischsprachigen hilfeforum von mwb, die haben einige scans mit einigen programmen (tdsskiller , roguekiller, listpart, TFC) vorgenommen, da war auch alles in ordnung....die wollen jetzt weiter mit combofix scannen...die ganze kommunikation da ist etwas schwierig , weil mein Englisch nicht dermaßen perfect ist und die auf persl. Fragen kaum eingehen , sondern nur die Routine durchlaufen lassen.

Meine Fragen :

1. Ist es nicht komisch, dass nur mwb was findet und alle anderen Programme nichts ?

2. Ist das scannen mit combofix nicht ziemlich riskant ( so waren jedenfalls die warnhinweise im dortigen forum zu verstehen) und bringt das überhaupt noch was, wenn vorher außer mwb niemand was findet ?


als Anhang füge ich mal alle logs ect. dabei, die bis jetzt erstellt worden.
(die 2 Tdssdateinen sind leider zu groß :-( , dort wurde aber auch nichts gefunden)

Alt 21.10.2012, 08:40   #2
M-K-D-B
/// TB-Ausbilder
 
exploit.drop.gs - Standard

exploit.drop.gs



Servus,



Zitat:
Zitat von Nightcab Beitrag anzeigen
Desweiteren war ich im englischsprachigen hilfeforum von mwb, die haben einige scans mit einigen programmen (tdsskiller , roguekiller, listpart, TFC) vorgenommen, da war auch alles in ordnung....die wollen jetzt weiter mit combofix scannen...die ganze kommunikation da ist etwas schwierig , weil mein Englisch nicht dermaßen perfect ist und die auf persl. Fragen kaum eingehen , sondern nur die Routine durchlaufen lassen.
Das Posten in mehreren Foren bringt immer Probleme mit sich. Es macht keinen Sinn, dass wir hier eine Bereinigung starten, wenn du im MBAM-Forum bereits Hilfe erhälst. Ich schlage vor, du führst die Bereinigung im MBAM-Forum zu Ende.

Poste bitte einen Link zu deinem Thema bei MBAM.



Zitat:
Zitat von Nightcab Beitrag anzeigen
1. Ist es nicht komisch, dass nur mwb was findet und alle anderen Programme nichts ?
Komisch finde ich das nicht. Es ist oft so, dass nur einer von vielen Scannern bei einer bösartigen Datei anschlägt. Die Datei ist meiner Meinung nach definitiv schädlich.



Zitat:
Zitat von Nightcab Beitrag anzeigen
2. Ist das scannen mit combofix nicht ziemlich riskant ( so waren jedenfalls die warnhinweise im dortigen forum zu verstehen) und bringt das überhaupt noch was, wenn vorher außer mwb niemand was findet ?
Ich habe zahlreiche Rechner mit ComboFix bereinigt, hatte noch nie Probleme.
__________________


Alt 21.10.2012, 10:01   #3
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



Danke für deine Antwort :-)

ich würde gerne hier mit der bereinigung weitermachen, wenn irgendwie möglich ....
du würdest also jetzt mit combofix weitermachen ? und dir meine logs anschauen ?

hier ist trotzdem mal der link
hxxp://forums.malwarebytes.org/index.php?showtopic=117535
__________________

Geändert von Nightcab (21.10.2012 um 10:26 Uhr)

Alt 21.10.2012, 11:16   #4
M-K-D-B
/// TB-Ausbilder
 
exploit.drop.gs - Standard

exploit.drop.gs



Servus,


Danke für den Link.



Zitat:
Zitat von Nightcab Beitrag anzeigen
du würdest also jetzt mit combofix weitermachen ?
Wenn ich an deiner Stelle wäre, würde ich das machen, was mir der Helfer im MBAM-Forum sagt, also mit ComboFix weitermachen, ja.


Zitat:
Zitat von Nightcab Beitrag anzeigen
und dir meine logs anschauen ?
Wie ich vorhin schon erwähnte, macht es wenig Sinn, wenn zwei Helfer deine Logdateien analysieren, denn damit bindest du doppelte Helferkapazitäten... und es gibt genügend Leute, die Hilfe benötigen...

Nicht, dass du mich jetzt nicht falsch verstehst. Ich würde dir sofort helfen, wenn du bei MBAM kein Thema offen hättest.


Zitat:
Zitat von Nightcab Beitrag anzeigen
ich würde gerne hier mit der bereinigung weitermachen, wenn irgendwie möglich ....
Das geht nur, wenn du im MBAM-Forum deutlich machst, dass du hier Hilfe in Anspruch nehmen willst (wegen Verständnis von der Sprache her, etc.) und sie das Thema auf MBAM beenden können.

Alt 21.10.2012, 11:49   #5
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



ok - das werde ich machen -

hier ist das combofix-log : (ich habe danach wieder mit mwb gesannt, nachwie wievor das gleiche ergebnis :-( )
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-21.01 - Dirk 21.10.2012  12:02:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2324 [GMT 2:00]
ausgeführt von:: c:\users\Dirk\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xmlC3A3.tmp
c:\programdata\xmlC4FB.tmp
c:\programdata\xmlC598.tmp
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\system32\samsrv.dll wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_10145eccb79418a5\samsrv.dll wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-21 bis 2012-10-21  ))))))))))))))))))))))))))))))
.
.
2012-10-21 10:12 . 2012-10-21 10:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-20 10:44 . 2012-10-02 11:17	972192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CACCC821-4508-4993-B103-8F3E4271B703}\gapaengine.dll
2012-10-20 10:43 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{516F408E-1859-420B-A186-26B73FFB39DE}\mpengine.dll
2012-10-19 13:56 . 2012-10-19 13:56	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-10-19 10:03 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-15 09:56 . 2012-10-15 09:56	--------	d-----w-	c:\users\Dirk\AppData\Roaming\Avira
2012-10-15 09:50 . 2012-09-24 07:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-15 09:50 . 2012-10-01 15:14	129576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-15 09:50 . 2012-09-13 13:52	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-15 09:50 . 2012-10-15 09:50	--------	d-----w-	c:\program files (x86)\Avira
2012-10-11 21:27 . 2012-10-19 07:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-11 21:27 . 2012-09-29 17:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-11 21:15 . 2012-10-11 21:15	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2012-10-11 21:15 . 2012-10-19 11:29	--------	d-----w-	c:\programdata\Spyware Terminator
2012-10-11 21:15 . 2012-10-11 21:15	--------	d-----w-	c:\users\Dirk\AppData\Roaming\Spyware Terminator
2012-10-11 21:13 . 2012-10-11 21:16	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2012-10-10 11:35 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 11:35 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-10 11:35 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 11:35 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 11:35 . 2012-08-20 18:48	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-10-10 11:35 . 2012-08-20 18:48	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-10-10 11:35 . 2012-08-20 18:48	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-10-09 17:11 . 2012-10-09 17:11	--------	d-----w-	c:\users\Dirk\AppData\Roaming\TwonkyMedia
2012-10-09 16:38 . 2012-10-09 19:07	--------	d-----w-	c:\programdata\twonkyclient
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\program files (x86)\Philips
2012-10-09 16:36 . 2012-10-21 10:14	--------	d-----w-	c:\programdata\TwonkyServer
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\users\Dirk\AppData\Roaming\TwonkyServer
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\program files (x86)\Twonky
2012-09-30 12:43 . 2012-09-30 12:43	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-30 12:42 . 2012-09-30 12:42	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 12:42 . 2012-09-30 12:42	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-25 23:30 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-22 13:03 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-09-22 13:03 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-09-22 12:52 . 2012-09-22 12:52	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-22 12:52 . 2012-09-22 12:52	--------	d-----r-	c:\program files (x86)\Skype
2012-09-22 12:43 . 2012-09-22 12:43	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-09-22 12:35 . 2012-09-22 12:35	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-22 11:01 . 2012-08-24 10:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 13:45 . 2010-02-05 00:08	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 09:50 . 2012-03-29 22:09	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 09:50 . 2012-03-23 11:18	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 11:17 . 2011-03-26 07:52	972192	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 12:42 . 2010-06-10 12:23	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-22 12:35 . 2011-12-26 20:52	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-22 12:35 . 2011-12-26 20:52	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-22 12:35 . 2011-12-26 20:52	188904	----a-w-	c:\windows\system32\java.exe
2012-09-22 12:35 . 2011-12-26 20:52	1034216	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-22 12:35 . 2010-07-16 13:31	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-30 20:03 . 2012-08-30 20:03	228768	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 20:25	128456	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 09:25	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:25	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:25	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:25	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 11:34	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:25	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:25	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07	10278912	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	70144	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19	24935424	----a-w-	c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15	931328	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2011-05-25 03:06	1100288	----a-w-	c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	534528	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07	6430208	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2009-09-23 10:15	7052288	----a-w-	c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41	4266496	----a-w-	c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34	16034304	----a-w-	c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25	6676480	----a-w-	c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15	540160	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	368640	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-05-25 02:24	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	103936	----a-w-	c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	16464896	----a-w-	c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\WINDOWS SIDEBAR\SIDEBAR.EXE" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 ezjdnrvn;ezjdnrvn;c:\windows\system32\drivers\ezjdnrvn.sys [x]
R1 mepkskhg;mepkskhg;c:\windows\system32\drivers\mepkskhg.sys [x]
R1 nlxmhzrb;nlxmhzrb;c:\windows\system32\drivers\nlxmhzrb.sys [x]
R1 qmpigauc;qmpigauc;c:\windows\system32\drivers\qmpigauc.sys [x]
R1 rerqhvxm;rerqhvxm;c:\windows\system32\drivers\rerqhvxm.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 tyhdrvnx;tyhdrvnx;c:\windows\system32\drivers\tyhdrvnx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-05 79360]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-06-27 21712]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-07-21 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 65072]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59880]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-10-11 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-06 1148664]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [2012-07-09 545608]
S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [2012-07-09 549704]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [2012-07-09 271176]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 41888]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:50]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 09:06]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{FF1435D8-7314-489B-8B29-5254127543BA}: NameServer = 192.168.178.1,217.237.150.97
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=de&refresh=1
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-09-11 15:36; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2012-09-28 16:06; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - ExtSQL: 2012-10-19 10:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - user.js: yahoo.homepage.dontask - true
user_pref('extensions.dealply.partner', 'answ');
user_pref('extensions.dealply.channel', 'answ1');
user_pref('extensions.dealply.installId', 'v24300229168323830735172012091113585121');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-11025121.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe
AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-165219653-1318400475-4160583612-1000\Software\SecuROM\License information*]
"datasecu"=hex:44,6a,5a,43,13,ae,9f,92,66,d3,99,23,19,87,e2,dc,91,e7,b6,48,10,
   47,dd,ad,8f,c0,ae,6c,d6,2f,06,59,1a,4f,91,b6,3e,e6,6a,39,88,12,d1,57,5a,18,\
"rkeysecu"=hex:ce,cb,b9,b2,2d,7c,7d,22,e6,6f,86,9c,f7,fb,e3,c4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-21  12:23:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-21 10:23
.
Vor Suchlauf: 12 Verzeichnis(se), 75.462.926.336 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 75.071.213.568 Bytes frei
.
- - End Of File - - FCF6E17983AC40826ECBAC0CB4BC801A
         
--- --- ---


Alt 21.10.2012, 12:15   #6
M-K-D-B
/// TB-Ausbilder
 
exploit.drop.gs - Standard

exploit.drop.gs



Servus,



Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall
CCleaner
Wise PC Engineer 6.4.2
Wise Registry Cleaner 6.21
.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende der Bereinigung empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.





Schritt 2
Mir ist aufgefallen, dass Du mehr als ein Anti-Virus-Programm mit Hintergrundwächter laufen hast:
Code:
ATTFilter
Microsoft Security Essentials
Avira
         
Das ist gefährlich, da sich die Programme in die Quere kommen können und dadurch Viren erst recht auf dem Rechner landen können. Ausserdem bremst es auch das System aus. Entscheide Dich für eine Variante und deinstalliere die andere über Systemsteuerung => Programme deinstallieren / Software.
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast.

Zitat:
Speedy hat letztens eine einleuchtende Erklärung dazu geliefert: "Man stelle sich einen Torwart vor, der das Tor hüten soll (Anti-Virus-Programm), der Ball kommt angeflogen (Virus), der Torhüter konzentriert sich auf den Ball und fängt ihn. Jetzt stelle Dir zwei Torhüter im Tor vor ...., die knallen aneinander und der Ball kann ungehindert ins Tor wandern."




Schritt 3
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Driver::
ezjdnrvn
mepkskhg
nlxmhzrb
qmpigauc
rerqhvxm
tyhdrvnx

DDS::
uStart Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp

FireFox::
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms}
user_pref('extensions.dealply.partner', 'answ');
user_pref('extensions.dealply.channel', 'answ1');
user_pref('extensions.dealply.installId', 'v24300229168323830735172012091113585121');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.





Schritt 4
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die Logdatei von AdwCleaner.

Alt 21.10.2012, 13:14   #7
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



Schritt 1 : alles entfernt
Schritt 2 : ich habe avira entfernt - reicht microsoft s e allein komplett aus ?
schritt 3 :
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-21.01 - Dirk 21.10.2012  13:44:38.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2656 [GMT 2:00]
ausgeführt von:: c:\users\Dirk\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-21 bis 2012-10-21  ))))))))))))))))))))))))))))))
.
.
2012-10-21 11:55 . 2012-10-21 11:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-21 10:54 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BD54984-7CAB-4BEA-A077-0D894A15CC65}\mpengine.dll
2012-10-21 10:35 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-20 10:44 . 2012-10-02 11:17	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CACCC821-4508-4993-B103-8F3E4271B703}\gapaengine.dll
2012-10-19 13:56 . 2012-10-19 13:56	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-10-11 21:27 . 2012-10-19 07:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-11 21:27 . 2012-09-29 17:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-11 21:15 . 2012-10-11 21:15	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2012-10-11 21:15 . 2012-10-19 11:29	--------	d-----w-	c:\programdata\Spyware Terminator
2012-10-11 21:15 . 2012-10-11 21:15	--------	d-----w-	c:\users\Dirk\AppData\Roaming\Spyware Terminator
2012-10-11 21:13 . 2012-10-11 21:16	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2012-10-10 11:35 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 11:35 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-10 11:35 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 11:35 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 11:35 . 2012-08-20 18:48	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-10-10 11:35 . 2012-08-20 18:48	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-10-10 11:35 . 2012-08-20 18:48	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-10-09 17:11 . 2012-10-09 17:11	--------	d-----w-	c:\users\Dirk\AppData\Roaming\TwonkyMedia
2012-10-09 16:38 . 2012-10-09 19:07	--------	d-----w-	c:\programdata\twonkyclient
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\program files (x86)\Philips
2012-10-09 16:36 . 2012-10-21 11:28	--------	d-----w-	c:\programdata\TwonkyServer
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\users\Dirk\AppData\Roaming\TwonkyServer
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\program files (x86)\Twonky
2012-09-30 12:43 . 2012-09-30 12:43	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-30 12:42 . 2012-09-30 12:42	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 12:42 . 2012-09-30 12:42	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-25 23:30 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-22 13:03 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-09-22 13:03 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-09-22 12:52 . 2012-09-22 12:52	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-22 12:52 . 2012-09-22 12:52	--------	d-----r-	c:\program files (x86)\Skype
2012-09-22 12:43 . 2012-09-22 12:43	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-09-22 12:35 . 2012-09-22 12:35	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-22 11:01 . 2012-08-24 10:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 13:45 . 2010-02-05 00:08	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 09:50 . 2012-03-29 22:09	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 09:50 . 2012-03-23 11:18	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 11:17 . 2011-03-26 07:52	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 12:42 . 2010-06-10 12:23	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-22 12:35 . 2011-12-26 20:52	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-22 12:35 . 2011-12-26 20:52	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-22 12:35 . 2011-12-26 20:52	188904	----a-w-	c:\windows\system32\java.exe
2012-09-22 12:35 . 2011-12-26 20:52	1034216	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-22 12:35 . 2010-07-16 13:31	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-30 20:03 . 2012-08-30 20:03	228768	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 20:25	128456	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 09:25	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:25	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:25	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:25	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 11:34	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:25	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:25	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07	10278912	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	70144	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19	24935424	----a-w-	c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15	931328	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2011-05-25 03:06	1100288	----a-w-	c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	534528	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07	6430208	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2009-09-23 10:15	7052288	----a-w-	c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41	4266496	----a-w-	c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34	16034304	----a-w-	c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25	6676480	----a-w-	c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15	540160	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	368640	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-05-25 02:24	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	103936	----a-w-	c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	16464896	----a-w-	c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\WINDOWS SIDEBAR\SIDEBAR.EXE" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 ezjdnrvn;ezjdnrvn;c:\windows\system32\drivers\ezjdnrvn.sys [x]
R1 mepkskhg;mepkskhg;c:\windows\system32\drivers\mepkskhg.sys [x]
R1 nlxmhzrb;nlxmhzrb;c:\windows\system32\drivers\nlxmhzrb.sys [x]
R1 qmpigauc;qmpigauc;c:\windows\system32\drivers\qmpigauc.sys [x]
R1 rerqhvxm;rerqhvxm;c:\windows\system32\drivers\rerqhvxm.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R1 tyhdrvnx;tyhdrvnx;c:\windows\system32\drivers\tyhdrvnx.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-05 79360]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-06-27 21712]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-07-21 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 65072]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59880]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-10-11 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-06 1148664]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [2012-07-09 545608]
S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [2012-07-09 549704]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [2012-07-09 271176]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 41888]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:50]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 09:06]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{FF1435D8-7314-489B-8B29-5254127543BA}: NameServer = 192.168.178.1,217.237.150.97
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=de&refresh=1
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-09-11 15:36; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - ExtSQL: 2012-09-28 16:06; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - ExtSQL: 2012-10-19 10:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - user.js: yahoo.homepage.dontask - true
user_pref('extensions.dealply.partner', 'answ');
user_pref('extensions.dealply.channel', 'answ1');
user_pref('extensions.dealply.installId', 'v24300229168323830735172012091113585121');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe
AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-165219653-1318400475-4160583612-1000\Software\SecuROM\License information*]
"datasecu"=hex:44,6a,5a,43,13,ae,9f,92,66,d3,99,23,19,87,e2,dc,91,e7,b6,48,10,
   47,dd,ad,8f,c0,ae,6c,d6,2f,06,59,1a,4f,91,b6,3e,e6,6a,39,88,12,d1,57,5a,18,\
"rkeysecu"=hex:ce,cb,b9,b2,2d,7c,7d,22,e6,6f,86,9c,f7,fb,e3,c4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-21  14:01:38
ComboFix-quarantined-files.txt  2012-10-21 12:01
ComboFix2.txt  2012-10-21 10:23
.
Vor Suchlauf: 14 Verzeichnis(se), 76.235.247.616 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 75.807.858.688 Bytes frei
.
- - End Of File - - 2094846FFF3F7DE27DE9DD56E3AB1694
         
--- --- ---

Schritt 4 :

# AdwCleaner v2.005 - Datei am 21/10/2012 um 14:05:46 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Dirk - DIRK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dirk\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\Conduit
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\ConduitEngine
Ordner Gelöscht : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=1586&gct=hp --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (de)

Profilname : default
Datei : C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\prefs.js

C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\user.js ... Gelöscht !

Gelöscht : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2682599,CT1606659");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1606659/CT1606659[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=1075026&fid=1070730", "\"0\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=19675&fid=19288", "\"0\"");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/19675/19288/DE", "\"0\"");
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1606659", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2682599", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1606659",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63425009534667[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2682599&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1606659/CT1606659[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Mar 25 2011 00:28:52 GMT+01[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Jun 23 2011 11:20:18 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 13:05:53 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{22dfbaa1-eb68-49cb-9245-7151a04a5dfb}");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "23409ff1-1b9d-4284-b7e8-92dd1b932525");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1606659");
Gelöscht : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jun 12 2011 20:45:14 GMT+0200");
Gelöscht : user_pref("ConduitEngine.BrowserCompStateIsOpen_3976808699496931956", true);
Gelöscht : user_pref("ConduitEngine.BrowserCompStateIsOpen_8556964412163870795", true);
Gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Mar 25 2011 00:28:52 GMT+0100");
Gelöscht : user_pref("ConduitEngine.FirstServerDate", "03/25/2011 02");
Gelöscht : user_pref("ConduitEngine.FirstTime", true);
Gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Gelöscht : user_pref("ConduitEngine.Initialize", true);
Gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Gelöscht : user_pref("ConduitEngine.InstalledDate", "Fri Mar 25 2011 00:28:52 GMT+0100");
Gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Mar 25 2011 00:28:52 GMT+0100");
Gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Mar 25 2011 07:10:45 GMT+0100");
Gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Mar 25 2011 07:10:45 GMT+0100");
Gelöscht : user_pref("ConduitEngine.UserID", "UN93509378954351257");
Gelöscht : user_pref("ConduitEngine.approveUntrustedApps", false);
Gelöscht : user_pref("ConduitEngine.backendstorage._fb_dailyactivity", "31333031303339323033373939");
Gelöscht : user_pref("ConduitEngine.backendstorage._fb_lifetimesent", "54525545");
Gelöscht : user_pref("ConduitEngine.backendstorage.facebook_ctid_connect_send", "73656E646564");
Gelöscht : user_pref("ConduitEngine.backendstorage.ytapp_dailyactivity", "31333031303339323735363932");
Gelöscht : user_pref("ConduitEngine.backendstorage.ytapp_lifetimesent", "54525545");
Gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Gelöscht : user_pref("ConduitEngine.counterAppsAdded", 4);
Gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Mar 25 2011 00:28:52 GMT+0100");
Gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Mar 25 2011 07:10:46 GMT+0100");
Gelöscht : user_pref("ConduitEngine.initDone", true);
Gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "DieStaemme Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Gelöscht : user_pref("extensions.vshare@toolbar.install-event-fired", true);
Gelöscht : user_pref("extensions.vshare@toolbar.update.enabled", false);
Gelöscht : user_pref("vshare.install.fresh", "true");

-\\ Opera v11.64.1403.0

Datei : C:\Users\Dirk\AppData\Roaming\Opera\Opera\operaprefs.ini

Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll,Winamp A[...]
Gelöscht : application/x-winampx-1.0.0.1=,0

*************************

AdwCleaner[S1].txt - [11709 octets] - [21/10/2012 14:05:50]

########## EOF - C:\AdwCleaner[S1].txt - [11770 octets] ##########

Alt 21.10.2012, 13:39   #8
M-K-D-B
/// TB-Ausbilder
 
exploit.drop.gs - Standard

exploit.drop.gs



Servus,



Du hast ComboFix falsch ausgeführt... daher versuchen wir es gleich nochmal, aber diesmal bitte genau lesen!




Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Driver::
ezjdnrvn
mepkskhg
nlxmhzrb
qmpigauc
rerqhvxm
tyhdrvnx

DDS::
uStart Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp

FireFox::
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms}
user_pref('extensions.dealply.partner', 'answ');
user_pref('extensions.dealply.channel', 'answ1');
user_pref('extensions.dealply.installId', 'v24300229168323830735172012091113585121');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '1');
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Alt 21.10.2012, 14:23   #9
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



jo - ich habe das script nicht rübergezogen, ich hoffe jetzt ist besser :
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-21.01 - Dirk 21.10.2012  14:57:24.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4091.2626 [GMT 2:00]
ausgeführt von:: c:\users\Dirk\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Dirk\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ezjdnrvn
-------\Service_mepkskhg
-------\Service_nlxmhzrb
-------\Service_qmpigauc
-------\Service_rerqhvxm
-------\Service_tyhdrvnx
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-21 bis 2012-10-21  ))))))))))))))))))))))))))))))
.
.
2012-10-21 13:08 . 2012-10-21 13:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-21 12:26 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27EFE3B1-646C-4BDB-94B4-C13E36DA1316}\mpengine.dll
2012-10-21 10:35 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-20 10:44 . 2012-10-02 11:17	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CACCC821-4508-4993-B103-8F3E4271B703}\gapaengine.dll
2012-10-19 13:56 . 2012-10-19 13:56	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-10-11 21:27 . 2012-10-19 07:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-11 21:27 . 2012-09-29 17:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-11 21:15 . 2012-10-11 21:15	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2012-10-11 21:15 . 2012-10-19 11:29	--------	d-----w-	c:\programdata\Spyware Terminator
2012-10-11 21:15 . 2012-10-11 21:15	--------	d-----w-	c:\users\Dirk\AppData\Roaming\Spyware Terminator
2012-10-11 21:13 . 2012-10-11 21:16	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2012-10-10 11:35 . 2012-08-31 18:19	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-10-10 11:35 . 2012-08-30 18:03	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-10 11:35 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 11:35 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 11:35 . 2012-08-20 18:48	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-10-10 11:35 . 2012-08-20 18:48	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-10-10 11:35 . 2012-08-20 18:48	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-10-09 17:11 . 2012-10-09 17:11	--------	d-----w-	c:\users\Dirk\AppData\Roaming\TwonkyMedia
2012-10-09 16:38 . 2012-10-09 19:07	--------	d-----w-	c:\programdata\twonkyclient
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\program files (x86)\Philips
2012-10-09 16:36 . 2012-10-21 13:10	--------	d-----w-	c:\programdata\TwonkyServer
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\users\Dirk\AppData\Roaming\TwonkyServer
2012-10-09 16:36 . 2012-10-09 16:36	--------	d-----w-	c:\program files (x86)\Twonky
2012-09-30 12:43 . 2012-09-30 12:43	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-30 12:42 . 2012-09-30 12:42	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 12:42 . 2012-09-30 12:42	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-25 23:30 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-22 13:03 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-09-22 13:03 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-09-22 12:52 . 2012-09-22 12:52	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-09-22 12:52 . 2012-09-22 12:52	--------	d-----r-	c:\program files (x86)\Skype
2012-09-22 12:43 . 2012-09-22 12:43	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-09-22 12:35 . 2012-09-22 12:35	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-22 11:01 . 2012-08-24 10:09	2382848	----a-w-	c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 13:45 . 2010-02-05 00:08	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-10-09 09:50 . 2012-03-29 22:09	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 09:50 . 2012-03-23 11:18	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 11:17 . 2011-03-26 07:52	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-30 12:42 . 2010-06-10 12:23	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-22 12:35 . 2011-12-26 20:52	289768	----a-w-	c:\windows\system32\javaws.exe
2012-09-22 12:35 . 2011-12-26 20:52	189416	----a-w-	c:\windows\system32\javaw.exe
2012-09-22 12:35 . 2011-12-26 20:52	188904	----a-w-	c:\windows\system32\java.exe
2012-09-22 12:35 . 2011-12-26 20:52	1034216	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-09-22 12:35 . 2010-07-16 13:31	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-30 20:03 . 2012-08-30 20:03	228768	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 20:25	128456	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-22 18:12 . 2012-09-12 09:25	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:25	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:25	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:25	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 11:34	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:25	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:25	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07	10278912	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	70144	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19	24935424	----a-w-	c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15	931328	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2011-05-25 03:06	1100288	----a-w-	c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	534528	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07	6430208	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2009-09-23 10:15	7052288	----a-w-	c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41	4266496	----a-w-	c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34	16034304	----a-w-	c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25	6676480	----a-w-	c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15	540160	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15	17920	----a-w-	c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	368640	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-05-25 02:24	129536	----a-w-	c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	103936	----a-w-	c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56320	----a-w-	c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	16464896	----a-w-	c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-05 79360]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-06-27 21712]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe [2009-07-21 93848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 65072]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59880]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-10-11 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-06 1148664]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [2012-07-09 545608]
S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [2012-07-09 549704]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [2012-07-09 271176]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 41888]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:50]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 09:06]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 09:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{FF1435D8-7314-489B-8B29-5254127543BA}: NameServer = 192.168.178.1,217.237.150.97
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=de&refresh=1
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL: 2012-09-28 16:06; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - ExtSQL: 2012-10-19 10:32; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Siedler3Deinstall - c:\windows\IsUn0407.exe
AddRemove-Siedler3MissionUninstall - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-165219653-1318400475-4160583612-1000\Software\SecuROM\License information*]
"datasecu"=hex:44,6a,5a,43,13,ae,9f,92,66,d3,99,23,19,87,e2,dc,91,e7,b6,48,10,
   47,dd,ad,8f,c0,ae,6c,d6,2f,06,59,1a,4f,91,b6,3e,e6,6a,39,88,12,d1,57,5a,18,\
"rkeysecu"=hex:ce,cb,b9,b2,2d,7c,7d,22,e6,6f,86,9c,f7,fb,e3,c4
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-21  15:18:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-21 13:18
ComboFix2.txt  2012-10-21 12:01
ComboFix3.txt  2012-10-21 10:23
.
Vor Suchlauf: 14 Verzeichnis(se), 75.908.165.632 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 75.436.978.176 Bytes frei
.
- - End Of File - - AE28C006EF5F4E99F41B2442D96782FD
         
--- --- ---

Alt 21.10.2012, 19:31   #10
M-K-D-B
/// TB-Ausbilder
 
exploit.drop.gs - Standard

exploit.drop.gs



Servus,



Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Alt 21.10.2012, 21:54   #11
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



der OTL.txt OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.10.2012 22:30:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dirk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,17% Memory free
7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,33 Gb Free Space | 48,04% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 89,53 Gb Free Space | 28,04% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.21 22:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
PRC - [2012.10.12 10:45:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 01:57:30 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.09.07 01:57:20 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.09 20:51:26 | 001,672,008 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
PRC - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010.01.14 16:08:18 | 000,148,752 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFUN.exe
PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.12 10:45:42 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.12 10:45:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 11:50:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 01:57:38 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.05 02:04:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.21 03:56:20 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.11 23:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.02.15 18:20:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.15 18:20:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010.01.14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010.01.14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.08.23 04:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV - [2010.06.27 13:54:49 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 3F 14 8F FA A5 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{36F876FA-C78A-49A1-AE63-810ECDA7A709}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9e878a34-cffe-4636-bdaa-60b8521c7776&apn_sauid=3AE7C811-A9A4-45A7-B4AE-32918DCEC770
IE - HKCU\..\SearchScopes\{CE0AB267-5174-467B-852F-6D84185754F2}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?hl=de&refresh=1"
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {e0dcd7a1-949c-490a-bd7b-d733c2bda820}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dirk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pageplace.de/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF - HKCU\Software\MozillaPlugins\telekom.com/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 10:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 12:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.16 22:28:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:45:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 10:45:38 | 000,000,000 | ---D | M]
 
[2010.02.05 14:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions
[2010.02.05 14:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.21 14:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions
[2012.10.10 23:04:17 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.10.03 16:38:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.28 16:06:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.20 10:46:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\firefox@ghostery.com
[2012.07.06 12:43:47 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.10.19 10:32:07 | 000,529,693 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.25 23:38:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.22 04:08:25 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.11 12:45:05 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.17 00:26:29 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-10.xml
[2010.12.10 02:56:44 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-11.xml
[2011.03.02 12:44:11 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-12.xml
[2010.06.23 13:39:45 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-4.xml
[2010.07.22 00:59:55 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-5.xml
[2010.07.25 03:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-6.xml
[2010.09.09 15:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-7.xml
[2010.09.17 03:33:56 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-8.xml
[2010.10.20 12:37:59 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-9.xml
[2012.10.12 10:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.12 10:45:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.12 10:45:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.21 15:10:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1435D8-7314-489B-8B29-5254127543BA}: NameServer = 192.168.178.1,217.237.150.97
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.21 22:28:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2012.10.21 15:18:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.21 15:10:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.10.21 14:48:13 | 004,985,492 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe
[2012.10.21 11:59:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.21 11:59:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.21 11:59:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.21 11:59:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.21 11:58:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.19 15:56:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.19 15:43:04 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe
[2012.10.19 15:40:14 | 000,815,665 | ---- | C] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe
[2012.10.19 15:34:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe
[2012.10.19 14:55:10 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\RK_Quarantine
[2012.10.19 14:38:57 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\dds.com
[2012.10.13 10:31:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.12 10:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.11 23:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.11 23:27:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.11 23:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.11 23:15:59 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.10.11 23:15:49 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Spyware Terminator
[2012.10.11 23:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.10.11 23:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.10.11 23:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.10.10 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2012.10.09 19:11:44 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyMedia
[2012.10.09 18:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\twonkyclient
[2012.10.09 18:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
[2012.10.09 18:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips
[2012.10.09 18:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TwonkyServer
[2012.10.09 18:36:26 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyServer
[2012.10.09 18:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twonky
[2012.09.30 14:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.22 14:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.22 14:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.22 14:52:00 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.22 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.09.22 14:43:31 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.09.22 14:34:12 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 22:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2012.10.21 22:27:41 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 22:27:41 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 22:20:21 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.21 22:20:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.21 22:20:08 | 3217,674,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 18:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 17:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.21 15:10:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.21 14:48:25 | 004,985,492 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe
[2012.10.21 14:05:10 | 000,538,941 | ---- | M] () -- C:\Users\Dirk\Desktop\adwcleaner.exe
[2012.10.19 15:42:51 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe
[2012.10.19 15:40:01 | 000,815,665 | ---- | M] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe
[2012.10.19 15:33:56 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe
[2012.10.19 14:54:43 | 001,425,920 | ---- | M] () -- C:\Users\Dirk\Desktop\RogueKiller.exe
[2012.10.19 14:37:57 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\dds.com
[2012.10.19 09:57:42 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.14 10:43:22 | 000,316,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.11 23:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.10.11 23:15:48 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.11 16:03:01 | 000,075,106 | ---- | M] () -- C:\Users\Dirk\Documents\cc_20121011_160249.reg
[2012.10.11 12:59:29 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.09 18:37:18 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\MediaManager.lnk
[2012.10.09 18:36:31 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv7
[2012.10.09 14:43:28 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.10.02 13:01:43 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.02 13:01:37 | 000,607,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.02 13:01:37 | 000,100,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 16:06:44 | 000,001,311 | ---- | M] () -- C:\Users\Dirk\Desktop\Free YouTube Download.lnk
[2012.09.22 14:52:03 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.22 14:43:31 | 000,001,273 | ---- | M] () -- C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
[2012.09.22 14:34:12 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.21 14:05:10 | 000,538,941 | ---- | C] () -- C:\Users\Dirk\Desktop\adwcleaner.exe
[2012.10.21 11:59:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.21 11:59:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.21 11:59:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.21 11:59:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.21 11:59:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.19 14:55:02 | 001,425,920 | ---- | C] () -- C:\Users\Dirk\Desktop\RogueKiller.exe
[2012.10.14 10:43:12 | 000,316,360 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.11 23:27:35 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.11 23:15:48 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.11 16:02:51 | 000,075,106 | ---- | C] () -- C:\Users\Dirk\Documents\cc_20121011_160249.reg
[2012.10.09 18:37:18 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\MediaManager.lnk
[2012.10.09 18:36:31 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2012.09.28 16:06:44 | 000,001,311 | ---- | C] () -- C:\Users\Dirk\Desktop\Free YouTube Download.lnk
[2012.09.22 14:52:03 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.22 14:43:31 | 000,001,273 | ---- | C] () -- C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
[2012.09.22 14:34:12 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.05.09 14:51:47 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.25 13:06:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.25 13:06:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.01.26 01:25:32 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.10 02:04:57 | 000,003,584 | ---- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 16:09:14 | 011,141,120 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.01 00:23:31 | 000,007,626 | ---- | C] () -- C:\Users\Dirk\AppData\Local\Resmon.ResmonCfg
[2010.06.22 15:05:25 | 001,482,752 | ---- | C] () -- C:\Users\Dirk\NTUSER.rhk
[2010.02.06 03:22:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.05.24 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\.minecraft
[2010.05.06 14:55:42 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\4Media
[2010.05.07 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Ashampoo
[2012.03.16 10:00:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Audacity
[2010.11.19 20:15:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\BitZipper
[2010.02.09 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Canneverbe Limited
[2012.06.03 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Canon
[2010.12.13 13:13:19 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\dvdisaster
[2012.09.28 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\DVDVideoSoft
[2012.09.28 16:06:46 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.18 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\everlight
[2011.12.13 14:23:54 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\FileZilla
[2011.04.04 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Firefly Studios
[2011.09.26 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Foxit Software
[2011.12.26 00:04:16 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ICQ
[2010.02.06 02:43:54 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ICQLite
[2010.12.20 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ImgBurn
[2010.02.05 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\IrfanView
[2011.01.07 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Leadertech
[2010.02.08 00:12:16 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\OpenOffice.org
[2010.04.09 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Opera
[2011.06.23 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\RIFT
[2012.07.16 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Sony
[2012.10.11 23:15:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Spyware Terminator
[2010.02.05 14:05:04 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Thunderbird
[2012.08.06 14:21:40 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Tropico 3
[2011.11.11 19:34:44 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Tropico 4 Demo
[2012.10.11 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\TS3Client
[2012.01.06 18:55:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ts3overlay
[2012.10.09 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\TwonkyMedia
[2012.10.09 18:36:26 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\TwonkyServer
[2011.11.20 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


der OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.10.2012 22:30:44 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dirk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 62,17% Memory free
7,99 Gb Paging File | 6,28 Gb Available in Paging File | 78,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,33 Gb Free Space | 48,04% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 89,53 Gb Free Space | 28,04% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.21 22:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
PRC - [2012.10.12 10:45:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 01:57:30 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.09.07 01:57:20 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.09 20:51:26 | 001,672,008 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
PRC - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010.01.14 16:08:18 | 000,148,752 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFUN.exe
PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.12 10:45:42 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.12 10:45:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 11:50:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 01:57:38 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.05 02:04:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.21 03:56:20 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.11 23:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.02.15 18:20:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.15 18:20:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010.01.14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010.01.14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.08.23 04:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV - [2010.06.27 13:54:49 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 3F 14 8F FA A5 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{36F876FA-C78A-49A1-AE63-810ECDA7A709}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9e878a34-cffe-4636-bdaa-60b8521c7776&apn_sauid=3AE7C811-A9A4-45A7-B4AE-32918DCEC770
IE - HKCU\..\SearchScopes\{CE0AB267-5174-467B-852F-6D84185754F2}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?hl=de&refresh=1"
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {e0dcd7a1-949c-490a-bd7b-d733c2bda820}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dirk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pageplace.de/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF - HKCU\Software\MozillaPlugins\telekom.com/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 10:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 12:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.16 22:28:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:45:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 10:45:38 | 000,000,000 | ---D | M]
 
[2010.02.05 14:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions
[2010.02.05 14:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.21 14:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions
[2012.10.10 23:04:17 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.10.03 16:38:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.28 16:06:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.20 10:46:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\firefox@ghostery.com
[2012.07.06 12:43:47 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.10.19 10:32:07 | 000,529,693 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.25 23:38:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.22 04:08:25 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.11 12:45:05 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.17 00:26:29 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-10.xml
[2010.12.10 02:56:44 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-11.xml
[2011.03.02 12:44:11 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-12.xml
[2010.06.23 13:39:45 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-4.xml
[2010.07.22 00:59:55 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-5.xml
[2010.07.25 03:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-6.xml
[2010.09.09 15:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-7.xml
[2010.09.17 03:33:56 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-8.xml
[2010.10.20 12:37:59 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-9.xml
[2012.10.12 10:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.12 10:45:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.12 10:45:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.21 15:10:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1435D8-7314-489B-8B29-5254127543BA}: NameServer = 192.168.178.1,217.237.150.97
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.21 22:28:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2012.10.21 15:18:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.21 15:10:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.10.21 14:48:13 | 004,985,492 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe
[2012.10.21 11:59:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.21 11:59:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.21 11:59:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.21 11:59:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.21 11:58:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.19 15:56:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.19 15:43:04 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe
[2012.10.19 15:40:14 | 000,815,665 | ---- | C] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe
[2012.10.19 15:34:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe
[2012.10.19 14:55:10 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\RK_Quarantine
[2012.10.19 14:38:57 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\dds.com
[2012.10.13 10:31:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.12 10:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.11 23:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.11 23:27:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.11 23:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.11 23:15:59 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.10.11 23:15:49 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Spyware Terminator
[2012.10.11 23:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.10.11 23:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.10.11 23:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.10.10 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2012.10.09 19:11:44 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyMedia
[2012.10.09 18:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\twonkyclient
[2012.10.09 18:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
[2012.10.09 18:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips
[2012.10.09 18:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TwonkyServer
[2012.10.09 18:36:26 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyServer
[2012.10.09 18:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twonky
[2012.09.30 14:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.22 14:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.22 14:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.09.22 14:52:00 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.09.22 14:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.09.22 14:43:31 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.09.22 14:34:12 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.21 22:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2012.10.21 22:27:41 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 22:27:41 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.21 22:20:21 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.21 22:20:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.21 22:20:08 | 3217,674,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.21 18:08:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.21 17:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.21 15:10:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.21 14:48:25 | 004,985,492 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe
[2012.10.21 14:05:10 | 000,538,941 | ---- | M] () -- C:\Users\Dirk\Desktop\adwcleaner.exe
[2012.10.19 15:42:51 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe
[2012.10.19 15:40:01 | 000,815,665 | ---- | M] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe
[2012.10.19 15:33:56 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe
[2012.10.19 14:54:43 | 001,425,920 | ---- | M] () -- C:\Users\Dirk\Desktop\RogueKiller.exe
[2012.10.19 14:37:57 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\dds.com
[2012.10.19 09:57:42 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.14 10:43:22 | 000,316,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.11 23:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.10.11 23:15:48 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.11 16:03:01 | 000,075,106 | ---- | M] () -- C:\Users\Dirk\Documents\cc_20121011_160249.reg
[2012.10.11 12:59:29 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.09 18:37:18 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\MediaManager.lnk
[2012.10.09 18:36:31 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv7
[2012.10.09 14:43:28 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.10.02 13:01:43 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.02 13:01:37 | 000,607,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.02 13:01:37 | 000,100,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 16:06:44 | 000,001,311 | ---- | M] () -- C:\Users\Dirk\Desktop\Free YouTube Download.lnk
[2012.09.22 14:52:03 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.22 14:43:31 | 000,001,273 | ---- | M] () -- C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
[2012.09.22 14:34:12 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2012.10.21 14:05:10 | 000,538,941 | ---- | C] () -- C:\Users\Dirk\Desktop\adwcleaner.exe
[2012.10.21 11:59:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.21 11:59:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.21 11:59:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.21 11:59:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.21 11:59:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.19 14:55:02 | 001,425,920 | ---- | C] () -- C:\Users\Dirk\Desktop\RogueKiller.exe
[2012.10.14 10:43:12 | 000,316,360 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.11 23:27:35 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.11 23:15:48 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.11 16:02:51 | 000,075,106 | ---- | C] () -- C:\Users\Dirk\Documents\cc_20121011_160249.reg
[2012.10.09 18:37:18 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\MediaManager.lnk
[2012.10.09 18:36:31 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2012.09.28 16:06:44 | 000,001,311 | ---- | C] () -- C:\Users\Dirk\Desktop\Free YouTube Download.lnk
[2012.09.22 14:52:03 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.22 14:43:31 | 000,001,273 | ---- | C] () -- C:\Users\Dirk\Desktop\Revo Uninstaller.lnk
[2012.09.22 14:34:12 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012.05.09 14:51:47 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.25 13:06:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.25 13:06:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.01.26 01:25:32 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.10 02:04:57 | 000,003,584 | ---- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 16:09:14 | 011,141,120 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.01 00:23:31 | 000,007,626 | ---- | C] () -- C:\Users\Dirk\AppData\Local\Resmon.ResmonCfg
[2010.06.22 15:05:25 | 001,482,752 | ---- | C] () -- C:\Users\Dirk\NTUSER.rhk
[2010.02.06 03:22:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.05.24 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\.minecraft
[2010.05.06 14:55:42 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\4Media
[2010.05.07 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Ashampoo
[2012.03.16 10:00:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Audacity
[2010.11.19 20:15:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\BitZipper
[2010.02.09 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Canneverbe Limited
[2012.06.03 20:57:29 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Canon
[2010.12.13 13:13:19 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\dvdisaster
[2012.09.28 16:06:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\DVDVideoSoft
[2012.09.28 16:06:46 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.18 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\everlight
[2011.12.13 14:23:54 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\FileZilla
[2011.04.04 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Firefly Studios
[2011.09.26 14:29:39 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Foxit Software
[2011.12.26 00:04:16 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ICQ
[2010.02.06 02:43:54 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ICQLite
[2010.12.20 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ImgBurn
[2010.02.05 13:44:11 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\IrfanView
[2011.01.07 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Leadertech
[2010.02.08 00:12:16 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\OpenOffice.org
[2010.04.09 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Opera
[2011.06.23 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\RIFT
[2012.07.16 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Sony
[2012.10.11 23:15:49 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Spyware Terminator
[2010.02.05 14:05:04 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Thunderbird
[2012.08.06 14:21:40 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Tropico 3
[2011.11.11 19:34:44 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Tropico 4 Demo
[2012.10.11 16:01:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\TS3Client
[2012.01.06 18:55:02 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\ts3overlay
[2012.10.09 19:11:44 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\TwonkyMedia
[2012.10.09 18:36:26 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\TwonkyServer
[2011.11.20 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\Dirk\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

frag mich bitte nicht , warum der otl.txt jetzt 2mal da ist^^

und , machen wir fortschritte ? ^^

Alt 22.10.2012, 16:39   #12
M-K-D-B
/// TB-Ausbilder
 
exploit.drop.gs - Standard

exploit.drop.gs



Servus,


ich seh da keine Malware mehr in deinen Logdateien.



Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKCU\..\SearchScopes\{36F876FA-C78A-49A1-AE63-810ECDA7A709}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9e878a34-cffe-4636-bdaa-60b8521c7776&apn_sauid=3AE7C811-A9A4-45A7-B4AE-32918DCEC770

:Commands
[emptytemp]
         
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread






Schritt 2
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Wie läuft dein Rechner derzeit?
Gibt es noch Probleme? Wenn ja, welche?






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck,
  • die Beantwortung der gestellten Fragen.

Alt 22.10.2012, 21:18   #13
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



otl

otl

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36F876FA-C78A-49A1-AE63-810ECDA7A709}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36F876FA-C78A-49A1-AE63-810ECDA7A709}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dirk
->Temp folder emptied: 339829 bytes
->Temporary Internet Files folder emptied: 8857260 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 123545518 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2061 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12162 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 32291694 bytes

Total Files Cleaned = 157,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10222012_175026

Files\Folders moved on Reboot...
C:\Users\Dirk\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

mbam

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dirk :: DIRK-PC [Administrator]

Schutz: Deaktiviert

22.10.2012 22:26:34
mbam-log-2012-10-22 (22-26-34).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204322
Laufzeit: 2 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
c:\users\dirk\appdata\local\temp\soap0_wsdl.exe (Exploit.Drop.GS) -> Löschen bei Neustart.

(Ende)






eset

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-22 06:20:10
# local_time=2012-10-22 08:20:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 46673027 102551966 0 0
# compatibility_mode=7937 16777214 28 75 931941 3946282 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=162607
# found=0
# cleaned=0
# scan_time=7894


check up

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spyware Terminator 2012
Spybot - Search & Destroy
ThreatFire
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware Version 1.65.1.1000
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
Mozilla Thunderbird (16.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
ThreatFire TFTray.exe
ThreatFire TFService.exe
MALWAREBYTES' ANTI-MALWARE MBAMSCHEDULER.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Mein Rechner läuft problemlos, einwandfrei soweit, ohne Auffälligkeiten

ABER : nachwievor zeigt der mbw-scan dieses :

Infizierte Dateien: 1
c:\users\dirk\appdata\local\temp\soap0_wsdl.exe (Exploit.Drop.GS)

und das java updated sich nicht automatisch selber ?
ad-aware habe ich vor wochen deinstalliert ?

seit heute morgen geht gmail von google nicht mehr....keine ahnung , ob das nur ein temporäres googleprob ist oder das von der ganzen scannerei gestern bzw. geänderten sicherheitseinstellungen einstellungen kommt (ich habe bewußt nichts verändert) ?

Zitat:
Zitat von Nightcab Beitrag anzeigen
otl

seit heute morgen geht gmail von google nicht mehr....keine ahnung , ob das nur ein temporäres googleprob ist oder das von der ganzen scannerei gestern bzw. geänderten sicherheitseinstellungen einstellungen kommt (ich habe bewußt nichts verändert) ?
geschrieben 10:43 am 23.10.12

gmail geht wieder

Geändert von Nightcab (22.10.2012 um 21:31 Uhr)

Alt 23.10.2012, 16:36   #14
M-K-D-B
/// TB-Ausbilder
 
exploit.drop.gs - Standard

exploit.drop.gs



Servus,



besuchst du regelmäßig bestimmte Seiten, von denen du dir das immer wieder einfängst (illegale Seiten, dubiose Seiten wie kinox.to & Co, etc.)?




Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 9 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.





Schritt 2
Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.





Bitte poste mit deiner nächsten Antwort
  • die Logdateien von OTL

Alt 23.10.2012, 22:07   #15
Nightcab
 
exploit.drop.gs - Standard

exploit.drop.gs



Beim Deinstallieren von Java 6-35 kommt diese Fehlermeldung :

"Es liegt ein diese Windows Installer-Paket betrffendes Problem vor. Eine für den Abschluss der Insallation erforderliche DLL konnte nicht ausgeführt werden. Wenden sie sich an das Supportpersonal oder den Hersteller des Pakets."

Der "Revo Installer" findet Java 6-35 gar nicht .

Der "Revo Installer" findet Java 6-35 gar nicht .



Auf kino.to ect. war ich seitdem wir hier angefangen nicht.

mwb findet dieses exploit schon die ganze zeit weiterhin nach jedem scan und kann es nicht löschen. Aber wenn ich benutzerdefiniert nur die partition c: scanne sieht das so aus :
Malwarebytes Anti-Malware (Test) 1.65.1.1000
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.10.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dirk :: DIRK-PC [Administrator]

Schutz: Deaktiviert

23.10.2012 23:35:08
mbam-log-2012-10-23 (23-35-08).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 147556
Laufzeit: 59 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

------------------------------------------------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.10.2012 23:17:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dirk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,05% Memory free
7,99 Gb Paging File | 6,05 Gb Available in Paging File | 75,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,80 Gb Free Space | 48,36% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 90,42 Gb Free Space | 28,32% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A39BF5-2171-4FE2-A8DA-A1BF6C3ACB20}" = rport=139 | protocol=6 | dir=out | app=system | 
"{093BEC14-51DD-4299-A309-08571FE1835D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{095F91B4-0D5A-451C-8D8F-53BFA042DDA9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0ED6777D-3734-4F9D-9EB6-4A7ACA922030}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1934D624-8569-41E1-8061-AAB40DD95621}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D2959B0-C6A7-4BA9-A83E-A74B1DE4550C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3AEBFB3F-99B6-4C9D-8DB0-0A508E9C2FEE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{40FA35C0-3936-422B-B139-775A168EF707}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\wnt500x64\rpcsandrasrv.exe | 
"{505DE7AA-EDD8-4FC6-A65B-E9120B8EBD8B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{584732ED-D77D-43D2-B5BD-74567F971E13}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5B141AE1-29FB-4FEB-A2F7-A433F74F1A60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5F3FEFF4-A681-47DF-9A36-93630E317704}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6097D4F9-E3BD-4BED-A005-E2995E0059BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{71731918-2927-421A-9502-E8ADC409E913}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{743E599E-F57F-48BF-AB3F-D8F8C69D71C6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7E5662BE-D8A1-4B93-BEBA-AB2BD2770AFD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8BD32378-5F48-438F-B7C1-220039E472C6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{944CF5CD-EEDD-4EA6-AAF7-24E5B957E094}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98A54F3C-77E5-4CA9-85A6-17680320FA56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A6E1ADE7-8478-4488-A505-9C6918118687}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B47B56C6-BDC0-41EF-88E7-993895E46DB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BB4B86DB-4496-4171-B7EC-5D11800666ED}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C2DCD8B3-6B0D-41AA-B202-3035E1D415A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4615B2D-52E6-46DC-AFC4-99F3D542788A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F96425AF-F2BD-43DF-9BED-BCA05D90558A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010.sp2\rpcagentsrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065FDC25-B2C4-4768-8C32-6C6B17A1C042}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BA24DC6-DA8A-4DD5-9ECB-90A7AF997707}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{0FB3AE92-B180-464C-983B-49F96A24852D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{12DD5709-E88B-4F45-AAC0-5F7091F5F9DC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{15DECB12-D38A-4ECF-8794-4E09DF8D4B37}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{1E7C2F20-9334-4571-9283-6BF8585520E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1F1B7D47-618D-46BD-8BD5-7C0B450607C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{20781D5F-6EFF-4261-B2CB-42761AC3F3D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2343AC8D-8B5A-4A92-9113-0ED1C6DB0A83}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{24B99D54-F224-4854-ABD8-EF0C24D1AA58}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{26024BEE-62AF-458C-AAC9-EE6C2866F81C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{26226094-7CCA-4E4B-A009-D9DCADCFA08E}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{27FCA029-A006-461D-9A43-B926F3454603}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{28995874-D12B-406F-A556-83E1C654C166}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{30C6A459-8AF0-43DB-BD6D-37F9D89E3A48}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{3144D4ED-BBA4-4B3D-A959-68604E507BF4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{31E35AD8-8763-4050-A02D-6EEA9B43811C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{356656CF-3B04-4662-AD54-90CDB118D3BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{35C4FD43-BB4F-4865-999C-611C537A454A}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{3E242AFE-F052-4505-A3D3-2DE5ECD83C38}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{484AA0B6-839A-429D-93E2-F10801AA623E}" = protocol=6 | dir=out | app=system | 
"{5D92CE96-D315-41A4-A427-22842FD635C1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{67FF00CF-0BBE-424F-AF6F-6A432EFF2B25}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6AE26481-B595-4E97-85E3-116123313AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{70F10B59-A426-4E18-85A4-390B65C090EA}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{7E5B33C7-F7EE-4CA0-B863-C4A1A86F4041}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8058CBAE-14A1-4D84-8F1D-6F9E177F8EB0}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"{8092BC65-CB5D-42BC-AC76-BACD3000FD52}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{847DE8F9-1EA3-4AC8-BA92-32440FD96E91}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{886E17DE-652D-4F8A-AF8E-BF9F136D6149}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{8B234362-7D02-483F-B3FB-4FB2AE10FBA6}" = protocol=6 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | 
"{8C5FF6E1-66E1-43F9-AFD6-9AE43A435C81}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{8DBD6F7E-D316-47BF-A2AA-4B2E2DCE9212}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8FE53467-B3A4-4CAF-8D90-E9295F1BD602}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{90FBF18F-AB2E-436E-854A-34D8757F7673}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92E2BB76-D4C1-4E43-A0A5-88AB00AE804C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9834B4C4-5561-4466-9AB5-D64CC1893B52}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{9AA3132F-39B3-4384-9473-CF471FED0520}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe | 
"{9F6CE7B1-17F6-4F44-A412-D768241E78AC}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{AC71AC5C-4772-4CB4-94BC-6D7BD763DE32}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe | 
"{AF282A66-4EC5-4A4C-B0B2-3E91DEC8AAF0}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"{B90AFBA7-EC27-4362-B8F2-E9643736DC81}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C02F6E4F-325E-4521-AD5D-7B01A953916D}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{C5ACDF3D-F8F9-4B7B-9E4B-C1B01D0ABB42}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CCBB7F14-0313-4E7A-B757-5EA561ACA619}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{D2929FAD-5123-42BD-AE09-67CDB6353313}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{D7500F06-5D58-4D55-A24C-C9F4760EB7EE}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe | 
"{D7D27E32-62A2-433F-B1BA-A752F95E6C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\deepinvent\mailstore home\mailstorelocal.exe | 
"{D9A16E93-141C-4C2B-801E-1780EFAB77F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD0B7565-80D8-4211-A5F7-E74BD5D01B78}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DF600F81-D4C0-44B7-A3D9-3482124BD39F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{F1B662AF-C489-4CD9-B562-6CC4EC7405B9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{1705BE81-92BA-47F7-937F-20694A00869A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{4DB334E3-66E0-4B7B-AC26-36548FAA7EFA}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe | 
"TCP Query User{54F95C72-FB99-429F-9558-D22F04A57BBD}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{6DAC2CFA-8C6A-4459-A7AD-B91EF40D10E5}C:\program files (x86)\philips\mediamanager\twonkyrenderer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkyrenderer.exe | 
"TCP Query User{73624FAE-1A37-4C2E-8F49-4AEB94B85374}C:\bluebyte\siedler3\s3 winxpupdate.exe" = protocol=6 | dir=in | app=c:\bluebyte\siedler3\s3 winxpupdate.exe | 
"TCP Query User{86DB691C-FD59-4F9C-A0BA-A8D78C0786B3}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{98B31631-7D8C-4AF3-92F0-95C66FD0A1B1}C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"TCP Query User{D69FC35E-7EE0-4BA0-9EAE-E6925BE90E53}C:\program files (x86)\philips\mediamanager\twonkymanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkymanager.exe | 
"TCP Query User{D73300B7-328E-485C-9FD5-38D8F8CC2DB8}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{E26CF8ED-745E-4B26-AF3D-AC45625E639E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1E7B2C27-0208-4DBE-95D4-DE3E03D05F95}C:\bluebyte\siedler3\s3 winxpupdate.exe" = protocol=17 | dir=in | app=c:\bluebyte\siedler3\s3 winxpupdate.exe | 
"UDP Query User{3C4EC86A-AC6D-475C-AE9F-EA653B669DAB}C:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{4531F567-5E39-4BE6-8823-489AC2A39998}C:\program files (x86)\twonky\twonkyserver\twonkyserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | 
"UDP Query User{57A7162E-3374-43D5-8FC2-E953CC84C847}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{6B8E1421-B311-4370-B1B9-FC8FD6B3EB54}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{6D4AE0BF-D6C3-4794-8CFA-F4537ECA461F}C:\program files (x86)\philips\mediamanager\twonkyrenderer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkyrenderer.exe | 
"UDP Query User{BC4A08EA-CE25-4D45-8D2E-DCE6B319D47E}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{E15C1DE7-5584-413B-8BA7-1EFCDB990E1D}C:\program files (x86)\philips\mediamanager\twonkymanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\mediamanager\twonkymanager.exe | 
"UDP Query User{EB4061C1-D6FB-4681-843E-C49B955F694D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{EDC19B49-4BEC-429E-BAAC-5D2A1D0EAF9A}C:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\uplaybrowser.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java(TM) 6 Update 35 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP4a
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E6689D65-0B0D-300C-8404-3F0200DAB065}" = ATI AVIVO64 Codecs
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC673E7-5271-409D-B196-BB76DA60300B}" = Twonky Windows Components
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B58D3D06-1C79-48EF-AF7E-79D8629D16E0}" = phase6_197
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{C90F1F31-EE00-4E31-ABA3-355FF904F86A}" = Carnet d'activités À plus! 3
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"7-Zip" = 7-Zip 4.65
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Audacity_is1" = Audacity 2.0
"AudioCS" = Creative Audio-Systemsteuerung
"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.4
"Diagnostics 4_5" = Creative-Diagnose
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Host OpenAL" = Host OpenAL
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"MailStore Home_is1" = MailStore Home 4.0.4.3791
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MediaManager" = MediaManager
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Opera 11.64.1403" = Opera 11.64
"PagePlace" = PagePlace
"phase-6" = phase-6 2.1.1.2d
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1.6
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Siedler3Deinstall" = Siedler3
"Siedler3MissionUninstall" = DIE SIEDLER III MISSION CD
"SpeedFan" = SpeedFan (remove only)
"The KMPlayer" = The KMPlayer (remove only)
"Tomb Raider: Underworld" = Tomb Raider: Underworld 1.0
"Tropico3" = Tropico 3: Absolute Power
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.10.2012 06:10:31 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 19.10.2012 18:34:51 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 21.10.2012 10:25:20 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 21.10.2012 18:32:44 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.10.2012 15:58:46 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22.10.2012 18:31:22 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 22.10.2012 18:32:37 | Computer Name = Dirk-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.10.2012 06:13:55 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 11723
Description = 
 
Error - 23.10.2012 16:59:27 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 11723
Description = 
 
Error - 23.10.2012 17:03:04 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 11723
Description = 
 
Error - 23.10.2012 17:11:41 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 11723
Description = 
 
[ System Events ]
Error - 21.10.2012 16:20:37 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 22.10.2012 02:23:09 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 22.10.2012 11:50:26 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "UMVPFSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 22.10.2012 11:51:45 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 22.10.2012 12:01:35 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 22.10.2012 16:38:10 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 23.10.2012 01:44:13 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 23.10.2012 04:24:18 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 23.10.2012 06:19:22 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
Error - 23.10.2012 16:51:38 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd  SBRE
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.10.2012 23:17:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dirk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,05% Memory free
7,99 Gb Paging File | 6,05 Gb Available in Paging File | 75,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 70,80 Gb Free Space | 48,36% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 90,42 Gb Free Space | 28,32% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.21 22:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
PRC - [2012.10.12 10:45:52 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 01:57:30 | 003,673,808 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.09.07 01:57:20 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.09 20:51:26 | 001,672,008 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe
PRC - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
PRC - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe
PRC - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
PRC - [2012.05.14 20:55:06 | 003,150,928 | ---- | M] (VS Revo Group) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010.01.14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.23 12:27:30 | 000,015,848 | ---- | M] () -- C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
MOD - [2012.10.12 10:45:42 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.10.12 10:45:51 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 11:50:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.07 01:57:38 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.09 20:51:02 | 000,545,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy)
SRV - [2012.07.09 20:50:58 | 000,271,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav)
SRV - [2012.07.09 20:50:56 | 000,549,704 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.05 02:04:50 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.01.14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.21 03:56:20 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.11 23:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.02.15 18:20:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.02.15 18:20:46 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010.01.14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010.01.14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.08.23 04:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2008.05.16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 12:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 12:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV:64bit: - [2008.05.16 12:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 12:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2008.01.09 12:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV - [2010.06.27 13:54:49 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 E7 96 A8 35 B0 CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CE0AB267-5174-467B-852F-6D84185754F2}
IE - HKCU\..\SearchScopes\{CE0AB267-5174-467B-852F-6D84185754F2}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig?hl=de&refresh=1"
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {e0dcd7a1-949c-490a-bd7b-d733c2bda820}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Dirk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pageplace.de/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF - HKCU\Software\MozillaPlugins\telekom.com/PagePlaceStarter: C:\Program Files (x86)\PagePlace\npPagePlaceStarter.dll (Deutsche Telekom AG)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:45:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 10:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 12:10:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.16 22:28:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:45:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.12 10:45:38 | 000,000,000 | ---D | M]
 
[2010.02.05 14:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions
[2010.02.05 14:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.21 14:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions
[2012.10.10 23:04:17 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.10.03 16:38:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.28 16:06:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.20 10:46:07 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\5jfff7kv.default\extensions\firefox@ghostery.com
[2012.07.06 12:43:47 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.10.19 10:32:07 | 000,529,693 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.25 23:38:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.22 04:08:25 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.10.11 12:45:05 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.17 00:26:29 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-10.xml
[2010.12.10 02:56:44 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-11.xml
[2011.03.02 12:44:11 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-12.xml
[2010.06.23 13:39:45 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-4.xml
[2010.07.22 00:59:55 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-5.xml
[2010.07.25 03:31:30 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-6.xml
[2010.09.09 15:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-7.xml
[2010.09.17 03:33:56 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-8.xml
[2010.10.20 12:37:59 | 000,000,950 | ---- | M] () -- C:\Users\Dirk\AppData\Roaming\mozilla\firefox\profiles\5jfff7kv.default\searchplugins\icqplugin-9.xml
[2012.10.12 10:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.12 10:45:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.12 10:45:52 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.10.21 15:10:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1435D8-7314-489B-8B29-5254127543BA}: NameServer = 192.168.178.1,217.237.150.97
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 12:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.23 12:27:50 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.23 12:27:40 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.23 12:27:40 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.23 12:27:37 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.23 12:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.10.23 12:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.10.23 12:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.10.23 12:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.10.23 12:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.10.23 12:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.10.23 12:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.23 12:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.10.22 18:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.22 17:50:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.10.21 22:28:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2012.10.21 15:18:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.21 15:10:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.10.21 14:48:13 | 004,985,492 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe
[2012.10.21 11:59:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.21 11:59:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.21 11:59:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.21 11:59:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.21 11:58:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.19 15:56:10 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.10.19 15:43:04 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe
[2012.10.19 15:40:14 | 000,815,665 | ---- | C] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe
[2012.10.19 15:34:18 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe
[2012.10.19 14:55:10 | 000,000,000 | ---D | C] -- C:\Users\Dirk\Desktop\RK_Quarantine
[2012.10.19 14:38:57 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Dirk\Desktop\dds.com
[2012.10.13 10:31:38 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.12 10:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.11 23:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.11 23:27:28 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.11 23:27:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.11 23:15:59 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.10.11 23:15:49 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\Spyware Terminator
[2012.10.11 23:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.10.11 23:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.10.11 23:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.10.10 13:35:07 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 13:35:06 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 13:35:06 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 13:35:00 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 13:35:00 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 13:35:00 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 13:34:59 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 13:34:59 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 13:34:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 13:34:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 13:34:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 13:34:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 13:34:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 13:34:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 13:34:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:34:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 13:34:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:34:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 13:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:34:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:34:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 13:34:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 13:34:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:34:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 13:34:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 13:34:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 13:34:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 13:34:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:34:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 13:34:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 13:34:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 13:34:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 13:34:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 13:34:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 13:34:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:34:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 13:34:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 13:34:48 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 13:34:33 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 13:34:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 10:03:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2012.10.09 19:11:44 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyMedia
[2012.10.09 18:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\twonkyclient
[2012.10.09 18:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Philips
[2012.10.09 18:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips
[2012.10.09 18:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TwonkyServer
[2012.10.09 18:36:26 | 000,000,000 | ---D | C] -- C:\Users\Dirk\AppData\Roaming\TwonkyServer
[2012.10.09 18:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twonky
[2012.09.30 14:42:56 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.26 01:30:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 23:08:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 22:58:48 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 22:58:48 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 22:51:27 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 22:51:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 22:51:11 | 3217,674,240 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 15:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 12:27:31 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.23 12:27:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.10.23 12:27:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.23 12:27:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.10.23 12:27:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.10.23 12:27:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.22 22:02:53 | 000,881,773 | ---- | M] () -- C:\Users\Dirk\Desktop\SecurityCheck.exe
[2012.10.22 18:02:02 | 000,001,418 | ---- | M] () -- C:\Users\Dirk\Desktop\Internet Explorer (64-bit).lnk
[2012.10.21 22:29:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2012.10.21 15:10:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.21 14:48:25 | 004,985,492 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\ComboFix.exe
[2012.10.21 14:05:10 | 000,538,941 | ---- | M] () -- C:\Users\Dirk\Desktop\adwcleaner.exe
[2012.10.19 15:42:51 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dirk\Desktop\tdsskiller.exe
[2012.10.19 15:40:01 | 000,815,665 | ---- | M] (Farbar) -- C:\Users\Dirk\Desktop\ListParts64.exe
[2012.10.19 15:33:56 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\TFC.exe
[2012.10.19 14:54:43 | 001,425,920 | ---- | M] () -- C:\Users\Dirk\Desktop\RogueKiller.exe
[2012.10.19 14:37:57 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Dirk\Desktop\dds.com
[2012.10.19 09:57:42 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.14 10:43:22 | 000,316,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.11 23:15:59 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.10.11 23:15:48 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.11 12:59:29 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.09 18:37:18 | 000,001,291 | ---- | M] () -- C:\Users\Public\Desktop\MediaManager.lnk
[2012.10.09 18:36:31 | 000,000,011 | ---- | M] () -- C:\ProgramData\.tv7
[2012.10.09 14:43:28 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.10.09 11:50:22 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 11:50:22 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.02 13:01:43 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.02 13:01:37 | 000,607,584 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.02 13:01:37 | 000,100,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.28 16:06:44 | 000,001,311 | ---- | M] () -- C:\Users\Dirk\Desktop\Free YouTube Download.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 12:04:50 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.10.22 22:02:52 | 000,881,773 | ---- | C] () -- C:\Users\Dirk\Desktop\SecurityCheck.exe
[2012.10.22 18:02:02 | 000,001,418 | ---- | C] () -- C:\Users\Dirk\Desktop\Internet Explorer (64-bit).lnk
[2012.10.21 14:05:10 | 000,538,941 | ---- | C] () -- C:\Users\Dirk\Desktop\adwcleaner.exe
[2012.10.21 11:59:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.21 11:59:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.21 11:59:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.21 11:59:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.21 11:59:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.19 14:55:02 | 001,425,920 | ---- | C] () -- C:\Users\Dirk\Desktop\RogueKiller.exe
[2012.10.14 10:43:12 | 000,316,360 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.11 23:27:35 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.11 23:15:48 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.10.09 18:37:18 | 000,001,291 | ---- | C] () -- C:\Users\Public\Desktop\MediaManager.lnk
[2012.10.09 18:36:31 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7
[2012.09.28 16:06:44 | 000,001,311 | ---- | C] () -- C:\Users\Dirk\Desktop\Free YouTube Download.lnk
[2012.05.09 14:51:47 | 000,000,064 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.25 13:06:44 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.25 13:06:44 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.01.26 01:25:32 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.10 02:04:57 | 000,003,584 | ---- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 16:09:14 | 011,141,120 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.07.01 00:23:31 | 000,007,626 | ---- | C] () -- C:\Users\Dirk\AppData\Local\Resmon.ResmonCfg
[2010.06.22 15:05:25 | 001,482,752 | ---- | C] () -- C:\Users\Dirk\NTUSER.rhk
[2010.02.06 03:22:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

Antwort

Themen zu exploit.drop.gs
dropper.a.dapato.112640.b, exploit.drop.gs, generic backdoor.adp, malware.cridex, roguekiller, tr/crypt.xpack.gen, troj/agent-xdm, trojan, trojan-dropper.dapato.boon, trojan-dropper.win32.dapato, trojan-dropper.win32.dapato.boon, trojan.downloader.jpmh, trojan.necurs.21, trojan.tepfer-11, trojan.win32.generic!sb.0, trojan/dropper.dapato.boon, trojandropper.dapato.bon, trojandropper.dapato.mxz, trojware.win32.trojan.agent.gen, troj_spnr.1bhi12, w32.cridex, win32.troj.dapato.(kcloud), win32/autorun.spy.banker.r, worm.cridex!gikctgptjfq, worm:win32/cridex.e




Ähnliche Themen: exploit.drop.gs


  1. Exploit.Drop.GS
    Log-Analyse und Auswertung - 07.10.2013 (9)
  2. exploit.drop
    Log-Analyse und Auswertung - 26.03.2013 (31)
  3. GVU Trojaner-Problem!(Exploit.Drop.GS;Exploit.drop.GSA;trojan.ransom.SUGen;--->Malwarebytes-Funde)
    Plagegeister aller Art und deren Bekämpfung - 02.03.2013 (6)
  4. Exploit Drop GSA
    Log-Analyse und Auswertung - 29.01.2013 (7)
  5. exploit.drop.gsa eingefangen
    Log-Analyse und Auswertung - 22.01.2013 (22)
  6. Exploit.Drop.GSA
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (32)
  7. GVU Virus - runctf.lnk (im Autostart), wgsdgsdgdsgsd.dll (Exploit.Drop.GS), dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) und dsgsdgdsgdsgw.js
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (3)
  8. Exploit.Drop.GS eingefangen
    Plagegeister aller Art und deren Bekämpfung - 29.12.2012 (1)
  9. GVU Trojaner (Exploit.drop.gsa)
    Plagegeister aller Art und deren Bekämpfung - 28.12.2012 (12)
  10. Exploit.Drop.GS, blockierte Websiten
    Plagegeister aller Art und deren Bekämpfung - 15.12.2012 (21)
  11. GVU Trojaner und Exploit.Drop.GS
    Log-Analyse und Auswertung - 27.10.2012 (10)
  12. Exploit.Drop-UR.2 endgültig löschen
    Log-Analyse und Auswertung - 23.10.2012 (4)
  13. Exploit.Drop.UR2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (32)
  14. Bifrose.Trace und Exploit.drop.nr2
    Log-Analyse und Auswertung - 05.10.2012 (2)
  15. Exploit.drop.ur.2-BKA-Trojaner auf Windows 7
    Plagegeister aller Art und deren Bekämpfung - 20.09.2012 (23)
  16. exploit.drop.ur.2
    Log-Analyse und Auswertung - 20.08.2012 (5)
  17. Exploit.Drop - Trojaner
    Log-Analyse und Auswertung - 03.07.2012 (3)

Zum Thema exploit.drop.gs - Hallo, o.g. exploit wird von Malwarebytes ständig gefunden, kann aber nicht von mwb gelöscht werden. Es soll sich hier befinden : c\users\dirk\appdata\local\temp\soap0_wsdl.exe ich finde aber unter diesem pfad nichts in - exploit.drop.gs...
Archiv
Du betrachtest: exploit.drop.gs auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.