| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: wgsdgsdgdsgsd.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.02.2013, 18:25
| #1 |
 |  wgsdgsdgdsgsd.exe Hallo zusammen, mir wird diese Datei (wgsdgsdgdsgsd.exe) im Autostart angezeigt. Dort habe ich die Datei deaktiviert. Allerdings werden von meinem Rechner Mails verschickt und ich vermute diese Datei als Ursache allen Übels. anbei das Log von Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.26.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 schubi :: SCHUBISEINER [Administrator] Schutz: Aktiviert 26.02.2013 17:55:17 MBAM-log-2013-02-26 (18-22-22).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|Y:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 393624 Laufzeit: 24 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\schubi\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt. Infizierte Dateien: 13 C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Keine Aktion durchgeführt. C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Keine Aktion durchgeführt. C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\schubi\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. (Ende) Vielen Dank schon mal Lieben Gruß schubinho |
|
26.02.2013, 18:26
| #2 |
| /// Malware-holic   | wgsdgsdgdsgsd.exe Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
26.02.2013, 18:43
| #3 |
| | wgsdgsdgdsgsd.exe Hmmm es wurde nur eine txt. Datei auf dem Desktop hinterlegt
__________________Code:
ATTFilter OTL logfile created on: 26.02.2013 18:49:47 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\schubi\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 36,08% Memory free 7,99 Gb Paging File | 5,46 Gb Available in Paging File | 68,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,37 Gb Total Space | 123,20 Gb Free Space | 51,68% Space Free | Partition Type: NTFS Drive E: | 698,63 Gb Total Space | 550,81 Gb Free Space | 78,84% Space Free | Partition Type: NTFS Drive Y: | 930,91 Gb Total Space | 248,14 Gb Free Space | 26,66% Space Free | Partition Type: NTFS Computer Name: SCHUBISEINER | User Name: schubi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.02.26 18:33:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\schubi\Desktop\OTL.exe PRC - [2013.02.14 08:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2013.02.11 11:47:28 | 000,101,288 | ---- | M] (Visicom Media Inc.) -- C:\Program Files (x86)\adawaretb\ffHelper.exe PRC - [2012.12.25 16:40:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.10.25 13:53:46 | 000,145,920 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.07.04 07:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.14 08:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2013.02.10 23:25:48 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.06 07:35:47 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.25 16:40:53 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.12.20 23:26:17 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.10.25 13:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.26 17:05:24 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2013.02.26 17:02:01 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE) DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.11.08 19:41:52 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.07.04 07:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.04 06:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.08.19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tagesschau.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 D3 3D 8D 23 9F CD 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {5D0FEABE-3DF0-49FD-AE1A-47642384E32F} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{5D0FEABE-3DF0-49FD-AE1A-47642384E32F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.93.0 FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.148 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.148 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.26 17:09:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 18:55:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.26 17:09:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 18:55:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.09.30 18:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schubi\AppData\Roaming\mozilla\Extensions [2013.02.26 17:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schubi\AppData\Roaming\mozilla\Firefox\Profiles\hq0zmjcl.default\extensions [2012.09.30 18:43:26 | 000,000,000 | ---D | M] () -- C:\Users\schubi\AppData\Roaming\mozilla\Firefox\Profiles\hq0zmjcl.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2013.01.02 15:00:15 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\schubi\AppData\Roaming\mozilla\Firefox\Profiles\hq0zmjcl.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee} [2013.02.26 17:09:30 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\schubi\AppData\Roaming\mozilla\Firefox\Profiles\hq0zmjcl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.09.30 18:43:26 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\schubi\AppData\Roaming\mozilla\Firefox\Profiles\hq0zmjcl.default\extensions\2020Player_IKEA@2020Technologies.com [2012.09.30 22:53:24 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\schubi\AppData\Roaming\mozilla\Firefox\Profiles\hq0zmjcl.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.12.12 07:14:15 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\schubi\AppData\Roaming\mozilla\firefox\profiles\hq0zmjcl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.06 07:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.06 07:35:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.100 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{344BAA19-2B22-4F80-8DE3-9413163E86F2}: DhcpNameServer = 192.168.0.100 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - File not found MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: svñhîst - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ToolboxFX - hkey= - key= - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 18:33:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\schubi\Desktop\OTL.exe [2013.02.26 17:53:14 | 000,000,000 | ---D | C] -- C:\Users\schubi\AppData\Roaming\Malwarebytes [2013.02.26 17:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.26 17:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.26 17:53:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.26 17:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.26 17:52:06 | 000,000,000 | ---D | C] -- C:\Users\schubi\AppData\Local\Programs [2013.02.26 17:49:55 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\schubi\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.26 17:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013.02.26 17:10:20 | 000,000,000 | ---D | C] -- C:\Users\schubi\AppData\Local\adawarebp [2013.02.26 17:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2013.02.26 17:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2013.02.26 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2013.02.26 17:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations [2013.02.26 17:05:24 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.02.26 17:05:24 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.02.26 17:05:23 | 000,000,000 | ---D | C] -- C:\Users\schubi\AppData\Roaming\Ad-Aware Antivirus [2013.02.26 17:02:01 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2013.02.26 17:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2013.02.26 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2013.02.21 18:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.07 22:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II [2013.02.07 22:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2013.02.07 22:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2013.02.07 22:58:07 | 000,000,000 | ---D | C] -- C:\Users\schubi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II [2013.02.07 22:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2013.02.06 07:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.30 14:56:35 | 000,000,000 | ---D | C] -- C:\Users\schubi\AppData\Local\MigWiz ========== Files - Modified Within 30 Days ========== [2013.02.26 18:33:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\schubi\Desktop\OTL.exe [2013.02.26 18:19:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.26 17:53:06 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.26 17:49:59 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\schubi\Desktop\mbam-setup-1.70.0.1100.exe [2013.02.26 17:11:06 | 000,001,874 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.02.26 17:05:24 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2013.02.26 17:05:24 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.02.26 17:02:01 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2013.02.26 16:27:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.26 09:23:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 09:23:18 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 09:22:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.26 09:22:16 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.26 09:22:16 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.26 09:22:16 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.26 09:22:16 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.26 09:15:58 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys [2013.02.20 01:12:01 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.19 01:16:40 | 006,197,959 | ---- | M] () -- C:\Users\schubi\Desktop\Energietechnik.pdf [2013.02.15 17:00:19 | 002,395,781 | ---- | M] () -- C:\Users\schubi\Desktop\IMG_0013.JPG [2013.02.15 16:38:10 | 000,016,851 | ---- | M] () -- C:\Users\schubi\Documents\2013-02-15.hrf [2013.02.14 20:00:00 | 000,383,852 | ---- | M] () -- C:\Users\schubi\Desktop\4250393_t201107018.pdf [2013.02.14 07:02:09 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.13 00:20:18 | 000,017,032 | ---- | M] () -- C:\Users\schubi\Documents\2013-02-13.hrf [2013.02.09 22:50:16 | 000,017,014 | ---- | M] () -- C:\Users\schubi\Documents\2013-02-09.hrf [2013.02.08 14:51:59 | 000,095,499 | ---- | M] () -- C:\Users\schubi\Desktop\E.pdf [2013.02.07 23:03:04 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2013.02.07 00:36:10 | 000,017,045 | ---- | M] () -- C:\Users\schubi\Documents\2013-02-07.hrf [2013.02.05 09:42:22 | 095,023,320 | ---- | M] () -- C:\ProgramData\jQBjASj.pad [2013.02.05 09:42:22 | 000,000,153 | ---- | M] () -- C:\ProgramData\jQBjASj.reg [2013.02.05 09:42:22 | 000,000,080 | ---- | M] () -- C:\ProgramData\jQBjASj.bat [2013.01.30 22:13:34 | 000,017,042 | ---- | M] () -- C:\Users\schubi\Documents\2013-01-30.hrf ========== Files Created - No Company Name ========== [2013.02.26 17:53:06 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.26 17:09:08 | 000,001,874 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.02.19 01:16:37 | 006,197,959 | ---- | C] () -- C:\Users\schubi\Desktop\Energietechnik.pdf [2013.02.15 17:00:19 | 002,395,781 | ---- | C] () -- C:\Users\schubi\Desktop\IMG_0013.JPG [2013.02.15 16:38:10 | 000,016,851 | ---- | C] () -- C:\Users\schubi\Documents\2013-02-15.hrf [2013.02.14 19:59:59 | 000,383,852 | ---- | C] () -- C:\Users\schubi\Desktop\4250393_t201107018.pdf [2013.02.13 00:20:18 | 000,017,032 | ---- | C] () -- C:\Users\schubi\Documents\2013-02-13.hrf [2013.02.09 22:50:16 | 000,017,014 | ---- | C] () -- C:\Users\schubi\Documents\2013-02-09.hrf [2013.02.08 14:51:59 | 000,095,499 | ---- | C] () -- C:\Users\schubi\Desktop\E.pdf [2013.02.07 22:59:24 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk [2013.02.07 00:36:10 | 000,017,045 | ---- | C] () -- C:\Users\schubi\Documents\2013-02-07.hrf [2013.02.05 09:42:22 | 095,023,320 | ---- | C] () -- C:\ProgramData\jQBjASj.pad [2013.02.05 09:42:22 | 000,000,153 | ---- | C] () -- C:\ProgramData\jQBjASj.reg [2013.02.05 09:42:22 | 000,000,080 | ---- | C] () -- C:\ProgramData\jQBjASj.bat [2013.01.30 22:13:33 | 000,017,042 | ---- | C] () -- C:\Users\schubi\Documents\2013-01-30.hrf [2013.01.16 13:06:13 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.01.16 13:06:13 | 000,000,067 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2012.12.24 15:29:02 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.24 15:29:01 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.23 21:53:00 | 000,025,076 | ---- | C] () -- C:\Windows\War3Unin.dat [2012.12.19 16:02:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.11.13 10:19:04 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2012.11.13 10:18:57 | 000,001,024 | ---- | C] () -- C:\Users\schubi\.rnd [2012.09.30 21:07:57 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.30 16:48:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.18 18:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.26 17:37:05 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\Ad-Aware Antivirus [2012.10.06 11:20:16 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\convert [2012.11.08 00:43:24 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\IrfanView [2012.10.06 11:23:36 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\loadtbs [2012.11.08 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\MotioninJoy [2012.12.23 20:18:54 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\Origin [2012.10.06 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\PhotoFiltre 7 [2012.12.27 15:19:48 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\Samsung [2012.09.30 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\Thunderbird [2013.02.15 13:01:06 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\TS3Client [2012.10.01 21:18:50 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\ts3overlay [2012.12.23 21:57:32 | 000,000,000 | ---D | M] -- C:\Users\schubi\AppData\Roaming\ts3overlay_hook_win64 ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.01.11 18:09:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.09.30 21:35:11 | 000,000,000 | ---D | M] -- C:\AMD [2012.09.30 19:20:10 | 000,000,000 | ---D | M] -- C:\Backup [2013.02.26 17:09:11 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.09.30 16:51:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.10.08 22:14:39 | 000,000,000 | ---D | M] -- C:\HattrickOrganizer [2012.10.07 13:27:56 | 000,000,000 | ---D | M] -- C:\HP_LaserJet_Professional_CM1410_Series [2012.10.01 21:26:22 | 000,000,000 | ---D | M] -- C:\Intel [2012.09.30 20:07:45 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.23 13:43:46 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.26 17:53:01 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.26 17:53:02 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.09.30 16:51:38 | 000,000,000 | -HSD | M] -- C:\Programme [2012.09.30 16:51:38 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.09.30 18:49:38 | 000,000,000 | ---D | M] -- C:\Spiele [2013.02.26 18:50:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.23 23:26:07 | 000,000,000 | ---D | M] -- C:\ts3overlay_hook_win64 [2012.09.30 16:51:44 | 000,000,000 | R--D | M] -- C:\Users [2013.02.20 01:11:55 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.02 11:57:07 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.11.13 10:18:59 | 000,001,024 | ---- | M] () -- C:\Users\schubi\.rnd [2013.02.26 18:51:40 | 002,097,152 | -HS- | M] () -- C:\Users\schubi\ntuser.dat [2013.02.26 18:51:40 | 000,262,144 | -HS- | M] () -- C:\Users\schubi\ntuser.dat.LOG1 [2012.09.30 16:51:46 | 000,000,000 | -HS- | M] () -- C:\Users\schubi\ntuser.dat.LOG2 [2012.09.30 16:52:33 | 000,065,536 | -HS- | M] () -- C:\Users\schubi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.09.30 16:52:33 | 000,524,288 | -HS- | M] () -- C:\Users\schubi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.09.30 16:52:33 | 000,524,288 | -HS- | M] () -- C:\Users\schubi\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.01.30 12:40:40 | 000,065,536 | -HS- | M] () -- C:\Users\schubi\ntuser.dat{74c33c1f-6acd-11e2-b6ea-00301bbda5ab}.TM.blf [2013.01.30 12:40:40 | 000,524,288 | -HS- | M] () -- C:\Users\schubi\ntuser.dat{74c33c1f-6acd-11e2-b6ea-00301bbda5ab}.TMContainer00000000000000000001.regtrans-ms [2013.01.30 12:40:40 | 000,524,288 | -HS- | M] () -- C:\Users\schubi\ntuser.dat{74c33c1f-6acd-11e2-b6ea-00301bbda5ab}.TMContainer00000000000000000002.regtrans-ms [2012.09.30 16:51:46 | 000,000,020 | -HS- | M] () -- C:\Users\schubi\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.02.2013 18:46:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\schubi\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 35,97% Memory free
7,99 Gb Paging File | 5,46 Gb Available in Paging File | 68,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,37 Gb Total Space | 123,20 Gb Free Space | 51,68% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 550,81 Gb Free Space | 78,84% Space Free | Partition Type: NTFS
Drive Y: | 930,91 Gb Total Space | 248,14 Gb Free Space | 26,66% Space Free | Partition Type: NTFS
Computer Name: SCHUBISEINER | User Name: schubi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1725297014-584208489-2593983358-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1012456A-D118-37E0-E837-34AA28602013}" = AMD Drag and Drop Transcoding
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{BAE780BF-AB42-4CF5-A057-04E7F9DC68F6}" = HP Unified IO
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1CE4680-F9EA-400D-BE71-70995522BD82}_is1" = Voodoo Skript 1.6.9
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CEB4458B-5F7F-478A-B69A-C16EE67C9E7D}" = Ad-Aware Antivirus
"{D58D3C8E-2B39-455C-AE79-878AEA3D38FC}" = HP Unified IO
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"Hattrick Organizer" = Hattrick Organizer (remove only)
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"VLC media player" = VLC media player 2.0.5
"Warcraft III" = Warcraft III
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1725297014-584208489-2593983358-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"PhotoFiltre 7" = PhotoFiltre 7
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.02.2013 12:09:51 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 25.02.2013 12:10:37 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.02.2013 04:46:29 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 26.02.2013 04:47:15 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 26.02.2013 12:50:10 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lavasoft\Ad-Aware\ShellExt_64.dll". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.02.2013 13:33:21 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lavasoft\Ad-Aware\ShellExt_64.dll". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.02.2013 13:33:31 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lavasoft\Ad-Aware\ShellExt_64.dll". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.02.2013 13:35:12 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lavasoft\Ad-Aware\ShellExt_64.dll". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.02.2013 13:35:17 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lavasoft\Ad-Aware\ShellExt_64.dll". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 26.02.2013 13:45:27 | Computer Name = schubiseiner | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lavasoft\Ad-Aware\ShellExt_64.dll". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ OSession Events ]
Error - 12.11.2012 16:08:42 | Computer Name = schubiseiner | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3049
seconds with 2460 seconds of active time. This session ended with a crash.
Error - 12.11.2012 16:09:10 | Computer Name = schubiseiner | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 18.02.2013 20:24:04 | Computer Name = schubiseiner | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1456
seconds with 60 seconds of active time. This session ended with a crash.
Error - 18.02.2013 20:26:19 | Computer Name = schubiseiner | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 73
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 01.02.2013 20:25:10 | Computer Name = schubiseiner | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 02.02.2013 03:24:54 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 02.02.2013 14:41:15 | Computer Name = schubiseiner | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 03.02.2013 07:42:57 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 04.02.2013 02:03:24 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 05.02.2013 02:17:14 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 06.02.2013 01:54:59 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 07.02.2013 01:48:36 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 08.02.2013 04:00:14 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 09.02.2013 03:10:42 | Computer Name = schubiseiner | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
< End of report >
Geändert von schubinho (26.02.2013 um 19:01 Uhr) |
|
26.02.2013, 19:17
| #4 |
| /// Malware-holic | wgsdgsdgdsgsd.exe hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.02.2013, 19:25
| #5 |
| | wgsdgsdgdsgsd.exe Das Ergebnis des Fixens Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp_XP deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: schubi
->Temp folder emptied: 76335957 bytes
->Temporary Internet Files folder emptied: 191619957 bytes
->Java cache emptied: 939244 bytes
->FireFox cache emptied: 70211946 bytes
->Flash cache emptied: 506 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 214451956 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 16550008 bytes
Total Files Cleaned = 544,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02262013_192054
|
|
26.02.2013, 20:14
| #6 |
| /// Malware-holic | wgsdgsdgdsgsd.exe Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> wgsdgsdgdsgsd.exe |
|
26.02.2013, 20:32
| #7 |
| | wgsdgsdgdsgsd.exe Das Ergebnis von TSSDKiller hat zu viele Zeichen und ist zu groß als Anhang, gib mir doch bitte Bescheid wie ich es posten soll. Danke |
|
26.02.2013, 20:33
| #8 |
| /// Malware-holic | wgsdgsdgdsgsd.exe packen und anhängen oder teilen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.02.2013, 20:44
| #9 |
| | wgsdgsdgdsgsd.exe So hier die dreigeteilte Datei. Und vielen Dank schon mal, dass du dich hier so um mein Problem kümmerst. Anhang 50935 Anhang 50936 Anhang 50937 |
|
26.02.2013, 21:26
| #10 |
| /// Malware-holic | wgsdgsdgdsgsd.exe Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.02.2013, 21:44
| #11 |
| | wgsdgsdgdsgsd.exe hier die combofix.txt Code:
ATTFilter ComboFix 13-02-26.01 - schubi 26.02.2013 21:34:45.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2909 [GMT 1:00]
ausgeführt von:: c:\users\schubi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\jQBjASj.pad
c:\users\schubi\AppData\Roaming\convert\convert.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-26 bis 2013-02-26 ))))))))))))))))))))))))))))))
.
.
2013-02-26 18:33 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABD29A28-3E44-4E05-88B9-8D5EB5E64C34}\mpengine.dll
2013-02-26 18:20 . 2013-02-26 18:20 -------- d-----w- C:\_OTL
2013-02-26 16:53 . 2013-02-26 16:53 -------- d-----w- c:\users\schubi\AppData\Roaming\Malwarebytes
2013-02-26 16:53 . 2013-02-26 16:53 -------- d-----w- c:\programdata\Malwarebytes
2013-02-26 16:53 . 2013-02-26 16:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-26 16:53 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-26 16:52 . 2013-02-26 16:52 -------- d-----w- c:\users\schubi\AppData\Local\Programs
2013-02-26 16:11 . 2013-02-26 16:11 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-02-26 16:10 . 2013-02-26 16:10 -------- d-----w- c:\users\schubi\AppData\Local\adawarebp
2013-02-26 16:09 . 2013-02-26 16:09 -------- d-----w- c:\program files (x86)\adawaretb
2013-02-26 16:08 . 2013-02-26 16:11 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-02-26 16:07 . 2013-02-26 16:07 -------- d-----w- c:\programdata\Downloaded Installations
2013-02-26 16:05 . 2013-02-26 16:05 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-02-26 16:05 . 2013-02-26 16:05 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-02-26 16:05 . 2013-02-26 16:37 -------- d-----w- c:\users\schubi\AppData\Roaming\Ad-Aware Antivirus
2013-02-26 16:02 . 2013-02-26 16:02 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2013-02-26 16:00 . 2013-02-26 16:08 -------- d-----w- c:\programdata\Lavasoft
2013-02-26 16:00 . 2013-02-26 16:00 -------- d-----w- c:\program files (x86)\Lavasoft
2013-02-25 15:46 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-21 17:55 . 2013-02-21 17:56 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-02-13 23:59 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 23:59 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 23:57 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-13 19:14 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 19:14 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 19:14 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 19:14 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 19:14 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 19:14 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 19:14 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 19:14 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 19:14 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 19:14 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 19:14 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 19:14 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-07 21:59 . 2013-02-07 22:02 -------- d-----w- c:\programdata\Blizzard Entertainment
2013-02-07 21:58 . 2013-02-07 21:59 -------- d-----w- c:\programdata\Battle.net
2013-02-07 21:58 . 2013-02-07 22:02 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2013-02-05 08:42 . 2013-02-05 08:42 80 ----a-w- c:\programdata\jQBjASj.bat
2013-02-05 08:42 . 2013-02-05 08:42 153 ----a-w- c:\programdata\jQBjASj.reg
2013-01-30 13:56 . 2013-01-30 13:56 -------- dc----w- c:\users\schubi\AppData\Local\MigWiz
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-14 00:01 . 2012-09-30 20:34 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-10 22:25 . 2012-09-30 19:39 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 22:25 . 2012-09-30 19:39 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-30 10:53 . 2012-09-30 17:50 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-27 15:01 . 2012-12-25 15:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-27 15:01 . 2012-12-24 14:29 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-27 14:36 . 2012-12-24 14:29 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-03-20 18:44 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-13 19:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-25 15:40 . 2012-12-24 14:29 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-23 20:52 . 2012-12-23 20:52 2829 ----a-w- c:\windows\War3Unin.pif
2012-12-23 20:52 . 2012-12-23 20:52 126976 ----a-w- c:\windows\War3Unin.exe
2012-12-18 09:06 . 2012-12-27 14:16 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-12-18 09:06 . 2012-12-18 09:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-12-18 09:06 . 2012-12-18 09:06 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-12-18 09:06 . 2012-12-18 09:06 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-12-18 09:06 . 2012-12-18 09:06 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-12-18 09:06 . 2012-12-18 09:06 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-12-18 09:06 . 2012-12-18 09:06 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-12-18 09:06 . 2012-12-18 09:06 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-12-18 09:06 . 2012-12-18 09:06 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-12-18 09:06 . 2012-12-18 09:06 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-12-18 09:06 . 2012-12-18 09:06 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-12-18 09:06 . 2012-12-18 09:06 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-12-18 09:06 . 2012-12-18 09:06 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-12-18 09:06 . 2012-12-18 09:06 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-12-18 09:06 . 2012-12-18 09:06 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-12-18 09:06 . 2012-12-18 09:06 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-12-18 09:06 . 2012-12-18 09:06 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-12-18 09:06 . 2012-12-18 09:06 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-12-18 09:06 . 2012-12-18 09:06 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-12-18 09:06 . 2012-12-18 09:06 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-12-18 09:06 . 2012-12-18 09:06 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-12-18 09:06 . 2012-12-18 09:06 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-12-18 09:06 . 2012-12-18 09:06 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-12-18 09:06 . 2012-12-18 09:06 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-12-18 09:06 . 2012-12-18 09:06 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-12-18 09:06 . 2012-12-27 14:16 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-12-16 17:11 . 2012-12-21 15:47 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 15:47 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:47 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:47 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 16:16 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 16:16 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 16:16 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 16:16 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 16:16 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 16:16 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 16:16 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 16:16 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 16:16 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 16:16 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 16:16 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 16:16 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 16:16 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 16:16 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 16:16 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 16:16 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 16:16 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 16:16 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 16:16 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 16:16 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 16:16 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 16:16 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 16:16 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 16:16 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 16:16 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 16:16 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 16:16 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 16:16 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 16:16 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 16:16 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 16:16 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 16:16 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 16:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 16:15 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 16:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 16:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 16:15 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 16:15 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47 87464 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 gamreenp;gamreenp;c:\windows\system32\drivers\gamreenp.sys [x]
R1 hrxwoeur;hrxwoeur;c:\windows\system32\drivers\hrxwoeur.sys [x]
R1 oxqrurmi;oxqrurmi;c:\windows\system32\drivers\oxqrurmi.sys [x]
R1 wccjfmap;wccjfmap;c:\windows\system32\drivers\wccjfmap.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-11-08 121416]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-26 14456]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2013-02-26 55384]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-14 1236336]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 22:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.tagesschau.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.100
FF - ProfilePath - c:\users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=
FF - ExtSQL: 2013-02-26 17:09; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - user.js: extensions.autoDisableScopes - 10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-26 21:40:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-02-26 20:40
.
Vor Suchlauf: 14 Verzeichnis(se), 132.166.479.872 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 131.752.337.408 Bytes frei
.
- - End Of File - - F587A4A1DB3FD3637A6515A4B59EBFA1
|
|
26.02.2013, 22:14
| #12 |
| /// Malware-holic | wgsdgsdgdsgsd.exe Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.02.2013, 22:53
| #13 |
| | wgsdgsdgdsgsd.exe CCleaner Liste Code:
ATTFilter Ad-Aware Antivirus Lavasoft 26.02.2013 37,5MB 10.5.0.4339 notwendig Ad-Aware Security Add-on Lavasoft 26.02.2013 2.5.0.6 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 26.02.2013 6,00MB 11.5.502.149 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 26.02.2013 6,00MB 11.5.502.149 notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 30.09.2012 121MB 10.1.4 notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 30.09.2012 26,2MB 8.0.877.0 notwendig Apple Application Support Apple Inc. 14.12.2012 65,0MB 2.3.2 notwendig Apple Mobile Device Support Apple Inc. 14.12.2012 25,1MB 6.0.1.3 notwendig Apple Software Update Apple Inc. 06.10.2012 2,38MB 2.1.3.127 notwendig Battlefield 3™ Electronic Arts 26.02.2013 1.5.0.0 notwendig Battlelog Web Plugins EA Digital Illusions CE AB 26.02.2013 2.1.2 notwendig Bonjour Apple Inc. 06.10.2012 2,00MB 3.0.0.10 notwendig CCleaner Piriform 25.02.2013 3.28 notwendig Counter-Strike Valve 26.02.2013 notwendig ESN Sonar ESN Social Software AB 26.02.2013 0.70.4 unbekannt FIFA 12 Electronic Arts 26.02.2013 1.6.0.0 notwendig Hattrick Organizer (remove only) 26.02.2013 notwendig HP LaserJet Professional CM1410 Series Hewlett-Packard 26.02.2013 notwendig HP LJ CM1410 MFP Series HP Scan Hewlett-Packard Co. 07.10.2012 12,5MB 1.0.302.0 notwendig HP Update Hewlett-Packard 07.10.2012 2,97MB 5.002.006.003 notwendig I.R.I.S. OCR HP 07.10.2012 68,9MB 12.3.4.0 notwendig IrfanView (remove only) Irfan Skiljan 26.02.2013 1,50MB 4.32 unnötig iTunes Apple Inc. 14.12.2012 191MB 11.0.1.12 notwendig Java 7 Update 9 Oracle 03.10.2012 128MB 7.0.90 notwendig Logitech Harmony Remote Software 7 Logitech 28.12.2012 7.7.0.0 notwendig Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 26.02.2013 18,4MB 1.70.0.1100 war heute notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 27.12.2012 38,8MB 4.0.30320 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 27.12.2012 2,93MB 4.0.30320 notwendig Microsoft Office Enterprise 2007 Microsoft Corporation 26.02.2013 12.0.6612.1000 notwendig Microsoft Office File Validation Add-In Microsoft Corporation 05.10.2012 7,95MB 14.0.5130.5003 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 30.09.2012 508KB 2.0.4024.1 unbekannt Microsoft Security Essentials Microsoft Corporation 20.02.2013 4.2.223.1 notwendig Microsoft Silverlight Microsoft Corporation 23.12.2012 50,6MB 5.1.10411.0 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 08.11.2012 596KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 10.11.2012 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 23.12.2012 13,7MB 10.0.30319 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 10.11.2012 15,0MB 10.0.40219 unbekannt MotioninJoy ds3 driver version 0.6.0003 www.motioninjoy.com 08.11.2012 3,42MB 0.5.0001 notwendig Mozilla Firefox 18.0.2 (x86 de) Mozilla 26.02.2013 43,2MB 18.0.2 notwendig Mozilla Maintenance Service Mozilla 26.02.2013 329KB 17.0.3 unbekannt Mozilla Thunderbird 17.0.3 (x86 de) Mozilla 26.02.2013 41,9MB 17.0.3 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.11.2012 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.11.2012 1,33MB 4.20.9876.0 unbekannt MyFreeCodec 27.12.2012 unbekannt Nero 8 Nero AG 13.11.2012 1,69GB 8.2.87 notwendig Origin Electronic Arts, Inc. 26.02.2013 9.0.15.65 notwendig PhotoFiltre 7 06.10.2012 unnötig PunkBuster Services Even Balance, Inc. 26.02.2013 0.991 unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 01.10.2012 6.0.1.5898 notwendig Remote Control USB Driver 28.12.2012 2.3.2.317 unbekannt Samsung Kies Samsung Electronics Co., Ltd. 27.12.2012 153MB 2.5.1.12123_2 notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 27.12.2012 33,8MB 1.5.16.0 notwendig Skype™ 6.1 Skype Technologies S.A. 27.01.2013 21,1MB 6.1.129 notwendig Spybot - Search & Destroy Safer Networking Limited 30.09.2012 1.6.2 anscheinend unnötig StarCraft II Blizzard Entertainment 26.02.2013 1.5.4.24540 Steam Valve Corporation 18.11.2012 35,4MB 1.0.0.0 notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 23.12.2012 3.0.9.2 notwendig VLC media player 2.0.5 VideoLAN 26.02.2013 2.0.5 notwendig Voodoo Skript 1.6.9 myrabbits.de 26.02.2013 1.6.9 notwendig Warcraft III 26.02.2013 notwendig WinRAR 4.20 (64-Bit) win.rar GmbH 30.09.2012 4.20.0 notwendig |
|
26.02.2013, 22:55
| #14 |
| /// Malware-holic | wgsdgsdgdsgsd.exe deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: ESN IrfanView Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: MyFreeCodec PhotoFiltre Spybot Öffne CCleaner, analysieren starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
26.02.2013, 23:20
| #15 |
| | wgsdgsdgdsgsd.exe ADwCleaner log Code:
ATTFilter # AdwCleaner v2.113 - Datei am 26/02/2013 um 23:15:54 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : schubi - SCHUBISEINER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\schubi\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\Users\schubi\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\schubi\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\schubi\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\adawaretb
Ordner Gelöscht : C:\Users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\Conduit
Ordner Gelöscht : C:\Users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
Ordner Gelöscht : C:\Users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\Smartbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.2 (de)
Datei : C:\Users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\prefs.js
C:\Users\schubi\AppData\Roaming\Mozilla\Firefox\Profiles\hq0zmjcl.default\user.js ... Gelöscht !
Gelöscht : user_pref("CT2319825.1000082.isPlayDisplay", "true");
Gelöscht : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...]
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_city", "KERPEN");
Gelöscht : user_pref("CT2319825.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2319825.FirstTime", "true");
Gelöscht : user_pref("CT2319825.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2319825.ID", "51041029");
Gelöscht : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Gelöscht : user_pref("CT2319825.UserID", "UN65951878857685282");
Gelöscht : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.autoDisableScopes", -1);
Gelöscht : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2319825.defaultSearch", "true");
Gelöscht : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2319825.enableAlerts", "always");
Gelöscht : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Gelöscht : user_pref("CT2319825.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundError", "true");
Gelöscht : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2319825.fixUrls", true);
Gelöscht : user_pref("CT2319825.installId", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.installType", "ConduitNSISIntegration");
Gelöscht : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.isNewTabEnabled", true);
Gelöscht : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2319825.keyword", true);
Gelöscht : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Gelöscht : user_pref("CT2319825.openThankYouPage", "false");
Gelöscht : user_pref("CT2319825.openUninstallPage", "true");
Gelöscht : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Gelöscht : user_pref("CT2319825.search.searchCount", "0");
Gelöscht : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2319825.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349518824085");
Gelöscht : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1349518823816");
Gelöscht : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349518825282");
Gelöscht : user_pref("CT2319825.serviceLayer_services_login_10.10.27.6_lastUpdate", "1349518825665");
Gelöscht : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349518825381");
Gelöscht : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1349518823012");
Gelöscht : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1349518822934");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349518825320");
Gelöscht : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1349518823056");
Gelöscht : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1349518823820");
Gelöscht : user_pref("CT2319825.settingsINI", true);
Gelöscht : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Gelöscht : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Gelöscht : user_pref("CT2319825.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT2319825.smartbar.homepage", true);
Gelöscht : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Gelöscht : user_pref("CT2319825.startPage", "userChanged");
Gelöscht : user_pref("CT2319825.toolbarBornServerTime", "6-10-2012");
Gelöscht : user_pref("CT2319825.toolbarCurrentServerTime", "6-10-2012");
Gelöscht : user_pref("CT2319825.toolbarDisabled", "true");
Gelöscht : user_pref("CT2720081.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2720081.CTID", "CT2720081");
Gelöscht : user_pref("CT2720081.CurrentServerDate", "12-10-2010");
Gelöscht : user_pref("CT2720081.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2720081.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2720081.EMailNotifierPollDate", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.FeedLastCount129248891425073064", 80);
Gelöscht : user_pref("CT2720081.FeedPollDate129225116238185771", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.FeedPollDate129225147492879732", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.FeedPollDate129245643951202078", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.FeedPollDate129245643951202084", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.FeedTTL129225116238185771", 40);
Gelöscht : user_pref("CT2720081.FeedTTL129225147492879732", 40);
Gelöscht : user_pref("CT2720081.FeedTTL129245643951202078", 40);
Gelöscht : user_pref("CT2720081.FeedTTL129245643951202084", 40);
Gelöscht : user_pref("CT2720081.FirstServerDate", "12-10-2010");
Gelöscht : user_pref("CT2720081.FirstTime", true);
Gelöscht : user_pref("CT2720081.FirstTimeFF3", true);
Gelöscht : user_pref("CT2720081.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2720081.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2720081.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2720081.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2720081.Initialize", true);
Gelöscht : user_pref("CT2720081.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2720081.InstallationAndCookieDataSentCount", 1);
Gelöscht : user_pref("CT2720081.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2720081.InstalledDate", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.InvalidateCache", false);
Gelöscht : user_pref("CT2720081.IsGrouping", false);
Gelöscht : user_pref("CT2720081.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2720081.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2720081.LanguagePackLastCheckTime", "Tue Oct 12 2010 15:21:44 GMT+0200");
Gelöscht : user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2720081.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2720081.LastLogin_2.7.2.0", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2720081.Locale", "en");
Gelöscht : user_pref("CT2720081.LoginCache", 4);
Gelöscht : user_pref("CT2720081.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2720081.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2720081.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2720081.RadioLastCheckTime", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000");
Gelöscht : user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2720081.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Gelöscht : user_pref("CT2720081.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2720081.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2720081.SearchInNewTabLastCheckTime", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2720081.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Gelöscht : user_pref("CT2720081.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2720081.SettingsLastCheckTime", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.SettingsLastUpdate", "1286735985");
Gelöscht : user_pref("CT2720081.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Tue Oct 12 2010 15:21:43 GMT+0200");
Gelöscht : user_pref("CT2720081.ThirdPartyComponentsLastUpdate", "1246790578");
Gelöscht : user_pref("CT2720081.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Gelöscht : user_pref("CT2720081.UserID", "UN35887766356136228");
Gelöscht : user_pref("CT2720081.WeatherNetwork", "");
Gelöscht : user_pref("CT2720081.WeatherPollDate", "Tue Oct 12 2010 15:21:44 GMT+0200");
Gelöscht : user_pref("CT2720081.WeatherUnit", "C");
Gelöscht : user_pref("CT2720081.alertChannelId", "1112366");
Gelöscht : user_pref("CT2720081.clientLogIsEnabled", true);
Gelöscht : user_pref("CT2720081.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2720081.myStuffEnabled", true);
Gelöscht : user_pref("CT2720081.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2720081.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2720081.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2720081.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2720081.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2720081");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2720081");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Nov 14 2010 15:15:58 GMT+0100");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Tue Oct 12 2010 15:21:45 GMT+0200[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_2557521.LastCheckTime", "Tue Oct 12 2010 15:21:45 GMT+0200"[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Oct 12 2010 15:21:45 GMT+0200")[...]
Gelöscht : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Tue Oct 12 2010 15:21:45 GMT+0200")[...]
Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...]
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Gelöscht : user_pref("browser.search.selectedEngine", "Winload Customized Web Search");
Gelöscht : user_pref("extensions.facemoods.aflt", "_#fxt1");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.lastActv", "13");
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...]
*************************
AdwCleaner[S1].txt - [16685 octets] - [26/02/2013 23:15:54]
########## EOF - C:\AdwCleaner[S1].txt - [16746 octets] ##########
|
|
| Themen zu wgsdgsdgdsgsd.exe |
| administrator, aktion, anti-malware, appdata, autostart, code, datei, dateien, exploit.drop.gsa, explorer, hallo zusammen, html, install.exe, löschen, mails, pup.loadtubes, quarantäne, rechner, roaming, service, speicher, test, uninstall.exe, verschickt, version, zusammen |
WARNUNG an die MITLESER: 
Linear-Darstellung
