Acer Notebook mit weißem Bildschirm

hewwisch · 08.07.2013, 16:55

Code:

ATTFilter

ComboFix 13-07-08.02 - Gaby 08.07.2013  17:28:46.1.1 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.2975.1981 [GMT 2:00]
ausgeführt von:: c:\users\Gaby\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gaby\AppData\Roaming\skype.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-08 bis 2013-07-08  ))))))))))))))))))))))))))))))
.
.
2013-07-08 15:37 . 2013-07-08 15:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-07 05:38 . 2013-07-07 05:38	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-08-05 3567616]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-05-27 253952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	c:\program files\Acer Bio Protection\PwdFilter
.
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-06 136704]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 36000]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2012-09-19 795072]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-01-14 22528]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-08-05 3450368]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 33213850
*Deregistered* - 33213850
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 08:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyServer = 10.77.0.15:80
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\otih40mf.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
FF - prefs.js: network.proxy.ftp - 10.77.0.15
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 10.77.0.15
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 10.77.0.15
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 10.77.0.15
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2025845975-717871519-3907145054-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2025845975-717871519-3907145054-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(448)
c:\program files\Acer Bio Protection\PwdFilter.DLL
c:\windows\system32\bmnet.dll
.
Zeit der Fertigstellung: 2013-07-08  17:40:19
ComboFix-quarantined-files.txt  2013-07-08 15:40
.
Vor Suchlauf: 17 Verzeichnis(se), 244.489.510.912 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 244.508.160.000 Bytes frei
.
- - End Of File - - 3E8C3DBF9BAFECFCE2F440D94B84468E
A36C5E4F47E84449FF07ED3517B43A31

sorry

markusg · 08.07.2013, 17:00

Hi, öffne bitte Computer, c: qoobox
packe den Ordner Quarantain, z.B.: mit Winrar, oder einem anderen Archivierer, und lade das neue Archiv im Upload Channel hoch, bitte kurz melden, wenn fertig

hewwisch · 08.07.2013, 20:07

Hab´s hochgeladen!

markusg · 08.07.2013, 20:12

aber doch nicht hier anhängen, ich sagte im Upload channel, lösch mal bitte den Anhang, danke.
malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

hewwisch · 09.07.2013, 08:46

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.08.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Gaby :: PAUL [Administrator]

Schutz: Aktiviert

09.07.2013 06:42:19
mbam-log-2013-07-09 (06-42-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 392576
Laufzeit: 3 Stunde(n), 1 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Qoobox\Quarantine.rar (Trojan.FakeAlert.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Gaby\AppData\Roaming\skype.dat.vir (Trojan.FakeAlert.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg · 09.07.2013, 10:26

Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

hewwisch · 09.07.2013, 10:53

Code:

ATTFilter

Acer Bio Protection	Egis Technology Inc.	14.01.2010	105 MB	6.2.48	Notwendig
Acer Crystal Eye Webcam	Suyin Optronics Corp	14.01.2010		4.5.1.1	Notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	08.07.2013	6,00 MB	11.7.700.224	Notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	08.07.2013	6,00 MB	11.7.700.224	Notwendig
Adobe Reader XI - Deutsch	Adobe Systems Incorporated	08.07.2013	127 MB	11.0.00	Notwendig
Avira SearchFree Toolbar plus Web Protection	Ask.com	28.07.2012	3,80 MB	1.15.4.0	Unnötig
Avira SearchFree Toolbar plus Web Protection Updater	Ask.com	28.07.2012		1.3.0.23930	Unnötig
AxCrypt (Nur Entfernen)	Axon Data	08.03.2010		unbekannt
CCleaner	Piriform	19.06.2013		4.03	Notwendig
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	16.01.2011	54,2 MB	8.15.10.1892	Notwendig
Intel(R) TV Wizard	Intel Corporation	16.03.2010			Notwendig
IrfanView (remove only)		15.01.2010			Notwendig
Java 7 Update 25	Oracle	08.07.2013	129 MB	7.0.250	Notwendig
LG CyberLink LabelPrint	CyberLink Corp.	18.01.2010	142 MB	2.5.2111	Unbekannt
LG CyberLink Power2Go	CyberLink Corp.	18.01.2010	123 MB	6.2.3325	Unbekannt
LG Power Tools	CyberLink Corp.	18.01.2010	14,5 MB	6.0.3316	Unbekannt
LizardTech DjVu Control (autoinstall)		28.02.2010			Unbekannt
Malwarebytes Anti-Malware Version 1.75.0.1300	Malwarebytes Corporation	08.07.2013	19,2 MB	1.75.0.1300	Unbekannt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	29.06.2010	38,8 MB	4.0.30319	Notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	29.06.2010	2,93 MB	4.0.30319	Notwendig
Microsoft Office File Validation Add-In	Microsoft Corporation	26.12.2011	7,95 MB	14.0.5130.5003	Notwendig
Microsoft Office Home and Student 2007	Microsoft Corporation	08.03.2012		12.0.6612.1000	Notwendig
Microsoft Office Live Add-in 1.5	Microsoft Corporation	09.07.2013	508 KB	2.0.4024.1	Notwendig
Microsoft Security Essentials	Microsoft Corporation	08.07.2013		4.2.223.1	Notwendig
Microsoft Silverlight	Microsoft Corporation	09.07.2013	202 MB	5.1.20125.0	Notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	16.01.2011	1,69 MB	3.1.0000	Notwendig
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	06.02.2010	250 KB	8.0.50727.4053	Notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	18.06.2011	300 KB	8.0.61001	Notwendig
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	06.02.2010	200 KB	9.0.30729.4148	Notwendig
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	03.05.2011	598 KB	9.0.30729.5570	Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	14.01.2010	596 KB	9.0.30729	Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	26.03.2010	594 KB	9.0.30729.4148	Notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	18.06.2011	600 KB	9.0.30729.6161	Notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	09.07.2013	15,0 MB	10.0.40219	Notwendig
Move Media Player	Move Networks	11.03.2010			Notwendig
Mozilla Firefox 22.0 (x86 de)	Mozilla	08.07.2013	45,8 MB	22.0	Notwendig
Mozilla Maintenance Service	Mozilla	08.07.2013	333 KB	22.0	Notwendig
PDFCreator	Frank Heindörfer, Philip Chinery	15.01.2010		0.9.9	Notwendig
VLC media player 1.1.5	VideoLAN	28.12.2010		1.1.5	Notwendig
Windows Live Essentials	Microsoft Corporation	16.01.2011		15.4.3508.1109	Notwendig
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	16.01.2011	5,57 MB	15.4.5722.2	Notwendig
WinRAR 4.20 (32-Bit)	win.rar GmbH	08.07.2013		4.20.0	Notwendig

markusg · 09.07.2013, 10:58

Hi,
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Avira SearchFree : beide
Malwarebytes

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

hewwisch · 09.07.2013, 13:08

Code:

ATTFilter

# AdwCleaner v2.304 - Datei am 09/07/2013 um 14:10:00 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Gaby - PAUL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Gaby\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Application Updater

***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\otih40mf.default\extensions\wtxpcom@mybrowserbar.com
Ordner Gelöscht : C:\Program Files\Application Updater
Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\Program Files\pdfforge Toolbar
Ordner Gelöscht : C:\Users\Gaby\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Gaby\AppData\LocalLow\Search Settings

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\otih40mf.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[S1].txt - [1834 octets] - [09/07/2013 14:10:00]

########## EOF - C:\AdwCleaner[S1].txt - [1894 octets] ##########

markusg · 09.07.2013, 13:32

Hi,
neustarten bitte.
Hitman Pro - Download - Filepony

Hitmanpro laden, doppelklicken, Scan klicken.
Nichts löschen, weiter klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen.

hewwisch · 09.07.2013, 18:56

Code:

ATTFilter

HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : PAUL
   Windows . . . . . . . : 6.1.1.7601.X86/1
   User name . . . . . . : Paul\Gaby
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-07-09 19:56:16
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 48s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 119

   Objects scanned . . . : 985.047
   Files scanned . . . . : 11.245
   Remnants scanned  . . : 393.968 files / 579.834 keys

Potential Unwanted Programs _________________________________________________

   C:\Users\Default User\AppData\Local\AskToolbar\ (AskBar)
   C:\Users\Default\AppData\Local\AskToolbar\ (AskBar)
   C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\ (AskBar)
   C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll (AskBar)
      Size . . . . . . . : 986.064 bytes
      Age  . . . . . . . : 439.1 days (2012-04-26 17:12:34)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 7699132B6EBAD2A9A8563A602173D499E008B9FB1C9359E5FB07B3DCAB033CEF
      Product  . . . . . : Avira Addon
      Publisher  . . . . : Ask.com
      Description  . . . : Avira Addon
      Version  . . . . . : 3.0.0.1000
      Copyright  . . . . : Copyright © 2009 Ask.com, All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\avr-3.inf (AskBar)
   HKU\.DEFAULT\Software\Ask.com\ (AskBar)
   HKU\.DEFAULT\Software\AskToolbar\ (AskBar)
   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-18\Software\Ask.com\ (AskBar)
   HKU\S-1-5-18\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)

Cookies _____________________________________________________________________

   C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\otih40mf.default\cookies.sqlite:ad.zanox.com
   C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\otih40mf.default\cookies.sqlite:apmebf.com
   C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\otih40mf.default\cookies.sqlite:doubleclick.net
   C:\Users\Gaby\AppData\Roaming\Mozilla\Firefox\Profiles\otih40mf.default\cookies.sqlite:serving-sys.com

markusg · 09.07.2013, 19:36

alle Hitmanpro Funde löschen, neustarten.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

hewwisch · 09.07.2013, 20:45

Code:

ATTFilter

OTL logfile created on: 09.07.2013 21:29:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gaby\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 75,37% Memory free
5,81 Gb Paging File | 5,07 Gb Available in Paging File | 87,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 229,20 Gb Free Space | 79,50% Space Free | Partition Type: NTFS
 
Computer Name: PAUL | User Name: Gaby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.09 21:27:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gaby\Downloads\OTL.exe
PRC - [2013.07.09 19:56:15 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.05 22:39:32 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PdtWzd.exe
PRC - [2009.08.05 22:39:32 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
PRC - [2009.08.05 22:39:28 | 004,187,648 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PwdBank.exe
PRC - [2009.08.05 22:39:18 | 003,357,696 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.07.09 19:56:15 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.07.03 20:11:46 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.08.05 22:39:32 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Gaby\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.01.20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.01.14 17:41:56 | 000,022,528 | ---- | M] (Egistec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
DRV - [2009.09.15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.07.14 02:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.03.12 20:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 7F 63 8F 26 95 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{193A3D0B-129E-47C5-A214-3B1D812ECC4E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c80017a6-4a39-4a8e-9993-1c21156a15ec&apn_sauid=CCAD0560-EA49-40A7-B164-D61AA35C7C0D
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{907505F5-672D-41D0-97BA-6AF610089360}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{D6866D1D-00CF-41FA-894E-356CB5693691}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.77.0.15:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.ftp: "10.77.0.15"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "10.77.0.15"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.77.0.15"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "10.77.0.15"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.FromDocToPDF_65.com/Plugin: C:\Program Files\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll (FromDocToPDF)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gaby\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.08.22 10:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gaby\AppData\Roaming\mozilla\Extensions
[2013.07.09 21:24:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gaby\AppData\Roaming\mozilla\Firefox\Profiles\otih40mf.default\extensions
[2013.04.20 10:12:36 | 000,111,899 | ---- | M] () (No name found) -- C:\Users\Gaby\AppData\Roaming\mozilla\firefox\profiles\otih40mf.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2013.07.08 17:57:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.07.03 20:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.07.03 20:11:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.07.08 17:37:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} hxxp://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab (DjVuCtl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F4DF049-42CA-448E-AD43-2745BE8E0AD0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73645C46-0685-4DE4-B156-C2DF8416D132}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {0e8d0700-75df-11d3-8b4a-0008c7450c4a} - LizardTech DjVu Activex Control
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.09 21:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\FromDocToPDF_65EI
[2013.07.09 19:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.07.09 19:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.07.09 19:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.07.09 13:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.07.09 13:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.07.09 11:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.07.09 11:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.07.09 10:32:28 | 000,000,000 | ---D | C] -- C:\Virenbekämpfung
[2013.07.09 07:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.07.09 07:16:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.07.08 22:01:15 | 000,000,000 | ---D | C] -- C:\Users\Gaby\AppData\Roaming\Malwarebytes
[2013.07.08 22:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.08 22:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.07.08 22:00:35 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.07.08 21:58:31 | 000,000,000 | ---D | C] -- C:\Users\Gaby\AppData\Local\Programs
[2013.07.08 21:02:10 | 000,000,000 | ---D | C] -- C:\Users\Gaby\AppData\Roaming\WinRAR
[2013.07.08 21:02:10 | 000,000,000 | ---D | C] -- C:\Users\Gaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.07.08 21:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.07.08 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.07.08 17:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.07.08 17:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.07.08 17:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.07.08 17:54:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.07.08 17:40:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.07.08 17:40:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.07.08 17:26:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.07.08 17:26:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.07.08 17:26:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.07.08 17:25:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.07.03 20:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.09 21:25:58 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.09 21:25:58 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.09 21:23:02 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.09 21:23:02 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.09 21:23:02 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.09 21:23:02 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.09 21:18:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.09 21:18:16 | 2339,512,320 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 19:56:15 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.09 14:10:22 | 000,000,175 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.09 13:48:35 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.09 10:21:07 | 000,308,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.08 17:57:07 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.07.08 17:37:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.07.06 23:00:32 | 000,000,000 | ---- | M] () -- C:\Users\Gaby\defogger_reenable
[2013.07.06 20:59:35 | 000,000,004 | ---- | M] () -- C:\Users\Gaby\AppData\Roaming\skype.ini
 
========== Files Created - No Company Name ==========
 
[2013.07.09 19:56:15 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.07.09 14:10:09 | 000,000,175 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.09 13:48:35 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.07.09 13:48:34 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.07.09 03:12:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.07.09 03:11:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.07.08 17:57:07 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.07.08 17:56:50 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.07.08 17:26:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.07.08 17:26:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.07.08 17:26:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.07.08 17:26:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.07.08 17:26:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.07.06 23:00:32 | 000,000,000 | ---- | C] () -- C:\Users\Gaby\defogger_reenable
[2013.07.06 20:23:27 | 000,000,004 | ---- | C] () -- C:\Users\Gaby\AppData\Roaming\skype.ini
[2010.05.26 11:01:44 | 000,014,848 | ---- | C] () -- C:\Users\Gaby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.23 11:07:56 | 005,161,644 | ---- | C] () -- C:\Users\Gaby\Cybex i go - Bedienungsanleitung.pdf
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.01.14 16:29:03 | 000,000,000 | ---D | M] -- C:\Users\Gaby\AppData\Roaming\Acer
[2010.05.27 06:39:48 | 000,000,000 | ---D | M] -- C:\Users\Gaby\AppData\Roaming\Bytemobile
[2010.07.07 18:42:10 | 000,000,000 | ---D | M] -- C:\Users\Gaby\AppData\Roaming\HCM Updater
[2011.05.08 19:38:08 | 000,000,000 | ---D | M] -- C:\Users\Gaby\AppData\Roaming\IrfanView
[2010.01.19 11:33:03 | 000,000,000 | ---D | M] -- C:\Users\Gaby\AppData\Roaming\Nokia
[2010.11.05 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\Gaby\AppData\Roaming\PC Suite
[2011.01.19 16:54:10 | 000,000,000 | ---D | M] -- C:\Users\Gaby\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.07.08 17:40:25 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.10.16 19:23:56 | 000,000,000 | ---D | M] -- C:\05d073c3002d4a41f840da3e4226
[2011.02.10 20:30:07 | 000,000,000 | ---D | M] -- C:\281f0df2f8e4ce8bc2
[2010.01.14 11:02:28 | 000,000,000 | ---D | M] -- C:\ACER
[2011.11.22 22:12:04 | 000,000,000 | ---D | M] -- C:\Bilder
[2009.06.17 04:47:17 | 000,000,000 | ---D | M] -- C:\Book
[2013.07.09 10:19:26 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.12 21:41:37 | 000,000,000 | ---D | M] -- C:\Bunse
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.14 10:43:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009.01.01 00:21:02 | 000,000,000 | ---D | M] -- C:\i386
[2009.06.17 03:59:17 | 000,000,000 | ---D | M] -- C:\Intel
[2009.06.17 04:11:56 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.09 21:23:56 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.07.09 19:55:33 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.01.14 10:56:37 | 000,000,000 | R--D | M] -- C:\Programme
[2010.01.14 15:44:59 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.07.09 21:32:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.14 15:45:09 | 000,000,000 | R--D | M] -- C:\Users
[2009.01.01 00:16:09 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2013.07.09 20:01:15 | 000,000,000 | ---D | M] -- C:\Virenbekämpfung
[2013.07.09 14:10:09 | 000,000,000 | ---D | M] -- C:\Windows
[2010.01.14 15:28:41 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
 
< MD5 for: AGP440.SYS  >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\dllcache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\drivers\AGP440.SYS
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\i386\sp3.cab:atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\dllcache\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows.old\Windows\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows.old\Windows\system32\dllcache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 11:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\OemDir\iaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\system32\drivers\iaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\system32\DRVSTORE\iaAHCI_DAB8BE0C6A617003890F5FDA36EBBE5A46A6D51A\iaStor.sys
[2009.02.11 11:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows.old\Windows\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows.old\Windows\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows.old\Windows\system32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\erdnt\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\system32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\erdnt\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\system32\dllcache\user32.dll
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\system32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\erdnt\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Virenbekämpfung\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows.old\Windows\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.03.08 22:21:12 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2012.03.08 22:21:12 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2010.02.23 11:07:57 | 005,161,644 | ---- | M] () -- C:\Users\Gaby\Cybex i go - Bedienungsanleitung.pdf
[2013.07.06 23:00:32 | 000,000,000 | ---- | M] () -- C:\Users\Gaby\defogger_reenable
[2013.07.09 21:31:28 | 001,835,008 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat
[2013.07.09 21:31:27 | 000,262,144 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat.LOG1
[2010.01.14 15:45:09 | 000,000,000 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat.LOG2
[2012.12.30 11:35:39 | 000,065,536 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat{35a8d35c-5264-11e2-8ed3-001e331f65bb}.TM.blf
[2012.12.30 11:35:39 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat{35a8d35c-5264-11e2-8ed3-001e331f65bb}.TMContainer00000000000000000001.regtrans-ms
[2012.12.30 11:35:40 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat{35a8d35c-5264-11e2-8ed3-001e331f65bb}.TMContainer00000000000000000002.regtrans-ms
[2010.01.14 17:22:30 | 000,065,536 | -HS- | M] () -- C:\Users\Gaby\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.01.14 17:22:30 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.01.14 17:22:30 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.12.25 14:14:48 | 000,065,536 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat{75060510-2bbc-11e1-ba48-001e331f65bb}.TM.blf
[2011.12.25 14:14:48 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat{75060510-2bbc-11e1-ba48-001e331f65bb}.TMContainer00000000000000000001.regtrans-ms
[2011.12.25 14:14:48 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\ntuser.dat{75060510-2bbc-11e1-ba48-001e331f65bb}.TMContainer00000000000000000002.regtrans-ms
[2011.04.24 08:36:09 | 000,065,536 | -HS- | M] () -- C:\Users\Gaby\NTUSER.DAT{f7c39cf1-6e3c-11e0-b48c-001e331f65bb}.TM.blf
[2011.04.24 08:36:09 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\NTUSER.DAT{f7c39cf1-6e3c-11e0-b48c-001e331f65bb}.TMContainer00000000000000000001.regtrans-ms
[2011.04.24 08:36:09 | 000,524,288 | -HS- | M] () -- C:\Users\Gaby\NTUSER.DAT{f7c39cf1-6e3c-11e0-b48c-001e331f65bb}.TMContainer00000000000000000002.regtrans-ms
[2010.01.14 15:45:09 | 000,000,020 | -HS- | M] () -- C:\Users\Gaby\ntuser.ini
[2012.06.20 15:19:23 | 000,020,480 | -HS- | M] () -- C:\Users\Gaby\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >

markusg · 09.07.2013, 20:54

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKCU\..\SearchScopes\{193A3D0B-129E-47C5-A214-3B1D812ECC4E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c80017a6-4a39-4a8e-9993-1c21156a15ec&apn_sauid=CCAD0560-EA49-40A7-B164-D61AA35C7C0D
:files
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

hewwisch · 09.07.2013, 21:08

eine extra.txt habe ich nirgends finden können...

08.07.2013, 17:00	#17
markusg /// Malware-holic	Acer Notebook mit weißem Bildschirm Hi, öffne bitte Computer, c: qoobox packe den Ordner Quarantain, z.B.: mit Winrar, oder einem anderen Archivierer, und lade das neue Archiv im Upload Channel hoch, bitte kurz melden, wenn fertig __________________ __________________

Acer Notebook mit weißem Bildschirm

Plagegeister aller Art und deren Bekämpfung: Acer Notebook mit weißem Bildschirm