GVU Trojaner lässt mich nicht in den Abgesicherten Modus

SickDerrick · 12.07.2013, 19:01

Hallo liebe Forenmitglieder,
ich hab folgendes Problem: ich hab mir den GVU-Trojaner eingeheimst und der lässt mich jetzt nicht mehr auf mein Benutzerkonto, nicht mal im Abgesicherten Modus. Ich hab jedoch noch ein Administrator-Benutzerkonto, von welchem ich auch gerade schreibe. Das ist noch bedienbar, kann ich von diesem aus auch die Virenbehebung durchführen? Ich habe auch das Gefühl, dass sich dort noch andere Viren befinden.

Vielen Dank schonmal für eure Hilfe.

Ach ja, WIndows 7 32 Bit. Hab hier leider keine Windows CD, also bräuchte ich eine Fehlerbehebung ohne CD-Gebrauch, wenn das den geht...?

markusg · 12.07.2013, 19:08

Hi
schaun wir mal.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

SickDerrick · 12.07.2013, 19:43

Hier der OTL.txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.07.2013 20:14:29 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 58,96% Memory free
3,86 Gb Paging File | 2,59 Gb Available in Paging File | 66,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,15 Gb Total Space | 137,28 Gb Free Space | 47,81% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,97 Gb Free Space | 30,39% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-THINK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.12 20:13:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.06.26 15:54:43 | 000,235,728 | ---- | M] (Bitdefender) -- C:\Programme\Bitdefender\Antivirus Free Edition\gziface.exe
PRC - [2013.06.07 22:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Programme\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.26 17:43:45 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013.03.26 17:43:31 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.19 16:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe
PRC - [2012.09.10 14:31:46 | 000,209,920 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010.03.08 09:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Programme\Common Files\AOL\1291204051\ee\aolsoftware.exe
PRC - [2009.09.10 04:37:10 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.09.08 18:10:24 | 000,242,976 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2009.09.08 18:10:22 | 000,124,192 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009.09.08 17:59:08 | 000,335,872 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009.09.04 15:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.09.01 00:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009.09.01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.08.26 16:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.08.20 02:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009.03.13 10:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.02.02 11:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\AOL\acs\AOLacsd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.05.17 06:05:52 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.17 03:38:55 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.17 03:38:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 03:38:18 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.17 03:37:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.17 03:32:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.26 17:44:18 | 000,063,376 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2013.02.14 04:36:48 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013.02.14 04:32:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.01.09 09:41:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 09:41:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 09:40:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 09:40:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 09:39:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 09:39:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.07.28 17:55:02 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.04.25 23:52:37 | 000,059,392 | ---- | M] () -- c:\Programme\Common Files\AOL\1291204051\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
MOD - [2011.03.14 14:21:10 | 000,016,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.11.02 21:41:18 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.09.08 17:59:06 | 000,651,264 | ---- | M] () -- C:\Programme\Lenovo\Access Connections\AcDeskBand.dll
MOD - [2009.08.23 20:04:00 | 000,037,888 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2009.08.16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Simon\AppData\Roaming\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater)
SRV - [2013.06.26 15:54:50 | 000,050,816 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV - [2013.06.03 13:43:30 | 000,029,920 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 17:43:31 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013.02.02 01:23:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.04.22 22:49:45 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.12.01 19:38:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.10 10:19:18 | 003,390,312 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.09.08 18:10:24 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.09.08 18:10:22 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.09.04 15:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.09.01 00:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009.09.01 00:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009.09.01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009.08.26 16:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.23 20:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.08.04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.04.29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Programme\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva388.sys -- (XDva388)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva365.sys -- (XDva365)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Simon\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Simon\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013.06.22 00:40:03 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2013.06.21 16:07:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.04.22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2013.04.17 17:18:46 | 000,108,008 | ---- | M] (Bitdefender SRL) [Kernel | System | Running] -- C:\Programme\Bitdefender\Antivirus Free Edition\bdfwfpf.sys -- (bdfwfpf)
DRV - [2013.04.17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2013.04.17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.26 17:24:15 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2013.03.26 17:18:20 | 000,092,112 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2013.02.08 16:45:32 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012.10.02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Bitdefender\Antivirus Free Edition\bdselfpr.sys -- (bdselfpr)
DRV - [2012.04.13 12:55:46 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.06.27 17:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.21 16:11:02 | 000,081,680 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010.09.04 00:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009.11.02 13:13:49 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.15 14:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 13:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.07 19:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.09.01 02:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.08.23 20:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009.07.22 07:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.02 11:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009.06.29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.06.23 05:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.06.11 10:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.05.14 01:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.04.29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.05.12 11:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.03.07 12:08:08 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{D7CD9D94-F9A3-456F-832E-9FB5BDAA7544}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC FA 28 D6 1E 7F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.31 11:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.02 01:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.02 01:23:06 | 000,000,000 | ---D | M]
 
[2013.02.02 01:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.02 01:23:05 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.02 01:23:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.02 01:23:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.02 01:23:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.12.20 02:55:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.02 04:37:34 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.12.20 02:55:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.20 02:55:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.20 02:55:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.20 02:55:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.20 02:55:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.06.25 16:23:00 | 000,000,028 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\AOL\1291204051\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://ciscovpn.rrze.uni-erlangen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080E7D11-3F2A-4362-B581-3020A90C09E4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA74B58F-BA99-48C7-807E-06634D9A8A97}: DhcpNameServer = 131.188.0.10 131.188.0.11
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserProtect.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bc8ba723-c79c-11de-819f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bc8ba723-c79c-11de-819f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.12 20:13:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.07.07 16:25:51 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles
[2013.07.06 11:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2013.06.25 16:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.06.23 21:57:31 | 000,000,000 | ---D | C] -- C:\Fitness
[2013.06.22 00:40:03 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013.06.21 16:06:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.06.21 14:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.06.19 00:24:57 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013.06.17 23:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
[2013.06.17 23:06:55 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013.06.17 23:06:55 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013.06.17 16:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.06.17 16:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.06.17 15:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.06.17 15:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.06.17 15:19:50 | 000,164,952 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013.06.17 10:49:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.17 03:50:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.17 03:50:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2013.06.17 03:32:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.17 03:32:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.17 03:32:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.17 03:32:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.17 03:32:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.17 03:31:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.12 20:18:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.12 20:13:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.07.12 19:55:35 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.12 19:55:35 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.12 19:49:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.12 19:49:51 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{D2E2FC03-DDE5-4D49-9052-2117A0AB0448}.job
[2013.07.12 19:49:51 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{452255B1-2A9F-41FC-AED7-0D9A75A0E30C}.job
[2013.07.12 19:49:36 | 000,001,024 | ---- | M] () -- C:\Users\Administrator\.rnd
[2013.07.12 19:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.12 19:47:59 | 1555,587,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.12 18:50:37 | 000,765,110 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.12 18:50:37 | 000,718,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.12 18:50:37 | 000,177,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.12 18:50:37 | 000,143,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.12 17:55:07 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.12 17:51:36 | 001,084,727 | ---- | M] () -- C:\ProgramData\2433f433
[2013.07.12 17:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.12 16:20:57 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Simon.job
[2013.07.01 15:12:29 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.06.25 16:23:00 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.22 00:40:03 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013.06.21 16:07:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.06.21 16:07:12 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.21 14:47:36 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.06.19 00:24:57 | 000,242,504 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013.06.17 23:07:10 | 002,059,314 | ---- | M] () -- C:\ProgramData\1371502663.bdinstall.bin
[2013.06.17 15:34:52 | 002,043,436 | ---- | M] () -- C:\ProgramData\1371475169.bdinstall.bin
[2013.06.17 15:14:19 | 000,002,050 | ---- | M] () -- C:\ProgramData\1371474849.1604.bin
[2013.06.17 15:14:17 | 000,025,959 | ---- | M] () -- C:\ProgramData\1371474849.6100.bin
[2013.06.17 15:13:12 | 000,030,141 | ---- | M] () -- C:\ProgramData\1371474774.bdinstall.bin
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.12 17:51:36 | 001,084,727 | ---- | C] () -- C:\ProgramData\2433f433
[2013.06.21 16:06:21 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.21 14:47:36 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.06.17 23:07:10 | 002,059,314 | ---- | C] () -- C:\ProgramData\1371502663.bdinstall.bin
[2013.06.17 15:34:33 | 002,043,436 | ---- | C] () -- C:\ProgramData\1371475169.bdinstall.bin
[2013.06.17 15:14:11 | 000,002,050 | ---- | C] () -- C:\ProgramData\1371474849.1604.bin
[2013.06.17 15:14:09 | 000,025,959 | ---- | C] () -- C:\ProgramData\1371474849.6100.bin
[2013.06.17 15:13:12 | 000,030,141 | ---- | C] () -- C:\ProgramData\1371474774.bdinstall.bin
[2013.06.17 03:32:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.17 03:32:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.17 03:32:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.17 03:32:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.17 03:32:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.09 16:23:17 | 000,001,024 | ---- | C] () -- C:\Users\Administrator\.rnd
[2013.02.27 00:03:38 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.11.24 18:33:35 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012.11.24 18:33:35 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2012.11.24 18:30:58 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012.11.24 18:30:58 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.06.09 16:23:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lenovo
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.07.07 16:25:51 | 000,000,000 | -HSD | M] -- C:\$$PendingFiles
[2013.07.12 18:40:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.11.02 13:10:15 | 000,000,000 | ---D | M] -- C:\AuthLog
[2009.07.21 08:20:37 | 000,000,000 | ---D | M] -- C:\Boot
[2013.06.17 10:53:47 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013.07.08 06:18:03 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.02 08:47:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.10.07 03:03:24 | 000,000,000 | ---D | M] -- C:\f639328a148e7331984ef9155a4470
[2013.06.23 22:33:17 | 000,000,000 | ---D | M] -- C:\Fitness
[2012.12.16 16:14:44 | 000,000,000 | ---D | M] -- C:\Hörbücher
[2009.11.02 13:27:41 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.08 06:13:13 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.12 17:51:36 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.12.02 08:47:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.06.17 10:53:44 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.12.02 08:48:13 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2013.03.01 22:30:51 | 000,000,000 | ---D | M] -- C:\swshare
[2009.12.02 09:44:28 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2013.07.12 20:17:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.06.09 16:20:03 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.12 18:02:55 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.15 14:52:16 | 000,000,000 | ---D | M] -- C:\Windyzone
[2013.06.18 08:49:43 | 000,000,000 | ---D | M] -- C:\_SMA
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.05.19 12:13:21 | 000,000,474 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Simon.job
[2011.03.05 22:59:45 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.05 22:59:46 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.08.28 03:22:06 | 000,000,466 | ---- | C] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011.08.28 03:22:07 | 000,000,528 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.04.03 20:48:25 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.09 09:35:36 | 000,000,412 | -H-- | C] () -- C:\Windows\Tasks\OptimizerPro1UpdaterTask{D2E2FC03-DDE5-4D49-9052-2117A0AB0448}.job
[2012.11.14 05:44:05 | 000,000,406 | -H-- | C] () -- C:\Windows\Tasks\OptimizerProUpdaterTask{452255B1-2A9F-41FC-AED7-0D9A75A0E30C}.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_b3c2248a17d99099\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2013.04.17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avc3.sys
[2013.06.19 00:24:57 | 000,242,504 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avchv.sys
[2013.04.17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avckf.sys
[2013.04.22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\Windows\system32\drivers\gzflt.sys
[2013.06.22 00:40:03 | 000,355,744 | ---- | M] (BitDefender S.R.L.) Unable to obtain MD5 -- C:\Windows\system32\drivers\trufos.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.07.28 23:36:26 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2013.04.30 03:04:27 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2013.04.30 03:04:27 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2013.07.12 19:49:36 | 000,001,024 | ---- | M] () -- C:\Users\Administrator\.rnd
[2013.07.12 20:32:30 | 001,048,576 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
[2013.07.12 20:32:30 | 000,262,144 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG1
[2013.06.09 16:20:04 | 000,000,000 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG2
[2013.06.09 16:24:36 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013.06.09 16:24:36 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013.06.09 16:24:36 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.06.09 16:20:04 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Lokale Einstellungen] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D06A4C76

< End of report >

--- --- ---

Eine Extra.txt Datei hab ich nicht gefunden.

markusg · 12.07.2013, 19:55

kannst du noch mal scannen, diesmal all users (alle benutzer)?

SickDerrick · 12.07.2013, 20:05

Hm, wie mache ich das den genau. Es kam vllt etwas missverständlich rüber, aber ich habe 2 Benutzerkonten auf dem PC. Administrator und Simon. Auf Simon kann ich nicht zugreifen, weil sich dann sofort der GVU Trojaner öffnet, auch wenn ich offline bin...

Ah, hab oben das Häkchen bei "Scanne alle Benutzer" gesehen. ich Scan jetzt nochmal schnell.

So auf ein Neues:

Code:

ATTFilter

OTL logfile created on: 12.07.2013 21:12:13 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 48,18% Memory free
3,86 Gb Paging File | 2,46 Gb Available in Paging File | 63,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,15 Gb Total Space | 137,22 Gb Free Space | 47,79% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,97 Gb Free Space | 30,39% Space Free | Partition Type: NTFS
 
Computer Name: SIMON-THINK | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.12 20:13:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.06.26 15:54:43 | 000,235,728 | ---- | M] (Bitdefender) -- C:\Programme\Bitdefender\Antivirus Free Edition\gziface.exe
PRC - [2013.06.07 22:55:30 | 000,023,552 | ---- | M] (WebCake LLC) -- C:\Programme\WebCake\WebCakeDesktop.Updater.exe
PRC - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.26 17:43:45 | 000,703,888 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013.03.26 17:43:31 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.19 16:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe
PRC - [2012.09.10 14:31:46 | 000,209,920 | ---- | M] () -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe
PRC - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.28 23:35:52 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010.03.08 09:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Programme\Common Files\AOL\1291204051\ee\aolsoftware.exe
PRC - [2009.09.10 04:37:10 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.09.08 18:10:24 | 000,242,976 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2009.09.08 18:10:22 | 000,124,192 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009.09.08 17:59:08 | 000,335,872 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009.09.04 15:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.09.01 00:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009.09.01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.08.26 16:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.08.20 02:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009.03.13 10:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.02.02 11:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\AOL\acs\AOLacsd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013.05.17 06:05:52 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.17 03:38:55 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013.05.17 03:38:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 03:38:18 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.17 03:37:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.17 03:32:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.03.26 17:44:18 | 000,063,376 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2013.02.14 04:36:48 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll
MOD - [2013.02.14 04:32:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.01.09 09:41:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 09:41:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 09:40:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 09:40:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 09:39:56 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 09:39:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.07.28 17:55:02 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.04.25 23:52:37 | 000,059,392 | ---- | M] () -- c:\Programme\Common Files\AOL\1291204051\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
MOD - [2011.03.14 14:21:10 | 000,016,384 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.11.02 21:41:18 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.09.08 17:59:06 | 000,651,264 | ---- | M] () -- C:\Programme\Lenovo\Access Connections\AcDeskBand.dll
MOD - [2009.08.23 20:04:00 | 000,037,888 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2009.08.16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.01 19:03:24 | 000,132,384 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\WebCake\WebCakeDesktop.Updater.exe C:\Users\Simon\AppData\Roaming\WebCake\WebCakeDesktop.exe -- (WebCake Desktop Updater)
SRV - [2013.06.26 15:54:50 | 000,050,816 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV - [2013.06.03 13:43:30 | 000,029,920 | ---- | M] (The OpenVPN Project) [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2013.06.03 11:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.26 17:43:31 | 000,555,408 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2013.02.02 01:23:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.04.22 22:49:45 | 000,670,816 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\xsherlock.xem -- (xsherlock)
SRV - [2011.07.28 23:35:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 19:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.12.01 19:38:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.10 10:19:18 | 003,390,312 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.09.08 18:10:24 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.09.08 18:10:22 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.09.04 15:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.09.01 00:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009.09.01 00:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009.09.01 00:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009.08.26 16:02:26 | 001,021,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.23 20:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.08.04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.07.15 03:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.03 11:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.04.29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Programme\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva388.sys -- (XDva388)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva365.sys -- (XDva365)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Simon\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Simon\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013.06.22 00:40:03 | 000,355,744 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2013.06.21 16:07:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013.04.22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2013.04.17 17:18:46 | 000,108,008 | ---- | M] (Bitdefender SRL) [Kernel | System | Running] -- C:\Programme\Bitdefender\Antivirus Free Edition\bdfwfpf.sys -- (bdfwfpf)
DRV - [2013.04.17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2013.04.17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.03.26 17:24:15 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2013.03.26 17:18:20 | 000,092,112 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock)
DRV - [2013.02.08 16:45:32 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012.10.02 12:31:18 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Bitdefender\Antivirus Free Edition\bdselfpr.sys -- (bdselfpr)
DRV - [2012.04.13 12:55:46 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.07.29 00:22:04 | 008,396,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.07.28 22:53:46 | 000,247,296 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.06.27 17:54:30 | 000,022,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020200}_0)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.21 16:11:02 | 000,081,680 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV - [2010.09.04 00:24:40 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009.11.02 13:13:49 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.09.15 14:30:08 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.09.15 13:36:18 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.09.07 19:00:28 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.09.01 02:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.08.23 20:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009.07.22 07:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.02 11:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009.06.29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.06.23 05:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009.06.11 10:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009.05.14 01:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009.04.29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.05.12 11:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.03.07 12:08:08 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{D7CD9D94-F9A3-456F-832E-9FB5BDAA7544}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dradio.de/
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119777&babsrc=SP_ss&mntrId=9A9100FFDA74B58F
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\SearchScopes\{B6A2AA0B-8B20-4761-9C98-644D56CA6F0F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3240727
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\SearchScopes\{E0AFCAD7-D84C-4CB1-AC11-1A78600CA4D0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=08FCB59C-419C-4402-BE8E-A06D009554F3&apn_sauid=69C4DBB6-420E-4967-ACCC-6C6D3E096C8B
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-754786082-3646089344-277324070-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com
 
IE - HKU\S-1-5-21-754786082-3646089344-277324070-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\S-1-5-21-754786082-3646089344-277324070-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-754786082-3646089344-277324070-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC FA 28 D6 1E 7F CE 01  [binary data]
IE - HKU\S-1-5-21-754786082-3646089344-277324070-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-754786082-3646089344-277324070-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.31 11:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.02 01:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.02 01:23:06 | 000,000,000 | ---D | M]
 
[2013.02.02 01:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.02 01:23:05 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.02.02 01:23:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.02 01:23:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.02 01:23:11 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.12.20 02:55:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.02 04:37:34 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.12.20 02:55:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.12.20 02:55:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.20 02:55:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.20 02:55:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.20 02:55:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.06.25 16:23:00 | 000,000,028 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Program Files\Lenovo\Access Connections\AcWin7Hlpr.exe ()
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\AOL\1291204051\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-754786082-3646089344-277324070-1003..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKU\S-1-5-21-754786082-3646089344-277324070-1003..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found
O4 - HKU\S-1-5-21-754786082-3646089344-277324070-1003..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Simon\AppData\Local\Temp\malbwenmgphogmjpk.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-754786082-3646089344-277324070-1003..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-754786082-3646089344-277324070-1003..\Run: [WebCake Desktop] C:\Users\Simon\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-754786082-3646089344-277324070-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-754786082-3646089344-277324070-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O15 - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-754786082-3646089344-277324070-1003\..Trusted Domains: uni-erlangen.de ([vpn.rrze] https in Vertrauenswürdige Sites)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://ciscovpn.rrze.uni-erlangen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080E7D11-3F2A-4362-B581-3020A90C09E4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA74B58F-BA99-48C7-807E-06634D9A8A97}: DhcpNameServer = 131.188.0.10 131.188.0.11
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~2\BROWSE~1\261339~1.144\{C16C1~1\BrowserProtect.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-754786082-3646089344-277324070-1003 Winlogon: Shell - (cmd.exe) - C:\Windows\System32\cmd.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bc8ba723-c79c-11de-819f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bc8ba723-c79c-11de-819f-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.12 20:13:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.07.07 16:25:51 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles
[2013.07.06 11:22:45 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2013.06.25 16:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2013.06.23 21:57:31 | 000,000,000 | ---D | C] -- C:\Fitness
[2013.06.22 00:40:03 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013.06.21 16:06:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.06.21 14:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.06.19 00:24:57 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013.06.17 23:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
[2013.06.17 23:06:55 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013.06.17 23:06:55 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013.06.17 16:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.06.17 16:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.06.17 15:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.06.17 15:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.06.17 15:19:50 | 000,164,952 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013.06.17 10:49:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.17 03:50:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.17 03:50:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2013.06.17 03:32:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.17 03:32:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.17 03:32:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.17 03:32:39 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.17 03:32:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.17 03:31:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.12 20:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.12 20:18:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.12 20:13:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.07.12 19:55:35 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.12 19:55:35 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.12 19:49:51 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.12 19:49:51 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{D2E2FC03-DDE5-4D49-9052-2117A0AB0448}.job
[2013.07.12 19:49:51 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\OptimizerProUpdaterTask{452255B1-2A9F-41FC-AED7-0D9A75A0E30C}.job
[2013.07.12 19:49:36 | 000,001,024 | ---- | M] () -- C:\Users\Administrator\.rnd
[2013.07.12 19:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.12 19:47:59 | 1555,587,072 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.12 18:50:37 | 000,765,110 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.12 18:50:37 | 000,718,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.12 18:50:37 | 000,177,262 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.12 18:50:37 | 000,143,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.12 17:55:07 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.07.12 17:51:36 | 001,084,727 | ---- | M] () -- C:\ProgramData\2433f433
[2013.07.12 16:20:57 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Simon.job
[2013.07.01 15:12:29 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.06.25 16:23:00 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.22 00:40:03 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013.06.21 16:07:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.06.21 16:07:12 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.21 14:47:36 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.06.19 00:24:57 | 000,242,504 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013.06.17 23:07:10 | 002,059,314 | ---- | M] () -- C:\ProgramData\1371502663.bdinstall.bin
[2013.06.17 15:34:52 | 002,043,436 | ---- | M] () -- C:\ProgramData\1371475169.bdinstall.bin
[2013.06.17 15:14:19 | 000,002,050 | ---- | M] () -- C:\ProgramData\1371474849.1604.bin
[2013.06.17 15:14:17 | 000,025,959 | ---- | M] () -- C:\ProgramData\1371474849.6100.bin
[2013.06.17 15:13:12 | 000,030,141 | ---- | M] () -- C:\ProgramData\1371474774.bdinstall.bin
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.12 17:51:36 | 001,084,727 | ---- | C] () -- C:\ProgramData\2433f433
[2013.06.21 16:06:21 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.21 14:47:36 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.06.17 23:07:10 | 002,059,314 | ---- | C] () -- C:\ProgramData\1371502663.bdinstall.bin
[2013.06.17 15:34:33 | 002,043,436 | ---- | C] () -- C:\ProgramData\1371475169.bdinstall.bin
[2013.06.17 15:14:11 | 000,002,050 | ---- | C] () -- C:\ProgramData\1371474849.1604.bin
[2013.06.17 15:14:09 | 000,025,959 | ---- | C] () -- C:\ProgramData\1371474849.6100.bin
[2013.06.17 15:13:12 | 000,030,141 | ---- | C] () -- C:\ProgramData\1371474774.bdinstall.bin
[2013.06.17 03:32:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.17 03:32:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.17 03:32:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.17 03:32:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.17 03:32:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.09 16:23:17 | 000,001,024 | ---- | C] () -- C:\Users\Administrator\.rnd
[2013.02.27 00:03:38 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.11.24 18:33:35 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012.11.24 18:33:35 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2012.11.24 18:33:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2012.11.24 18:30:58 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012.11.24 18:30:58 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.07.28 17:49:12 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.06.09 16:23:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lenovo
[2011.01.19 03:56:01 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Activision
[2012.07.10 00:21:02 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Amazon
[2013.06.18 08:50:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BabSolution
[2013.05.02 04:37:29 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Babylon
[2010.12.15 19:06:11 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BitCometLite
[2010.07.19 09:14:07 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BugTrap Console Test105
[2010.07.21 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BugTrap Console Test108
[2010.06.30 11:07:08 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Darkfall
[2013.06.19 01:19:07 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\File Scout
[2010.07.05 16:38:09 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\GetRightToGo
[2012.04.21 23:42:19 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Hide IP NG
[2013.03.31 11:13:06 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Hoeso
[2013.03.31 11:24:34 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Ibgezu
[2013.04.21 04:37:34 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ICQ
[2010.07.17 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\InterVideo
[2012.12.03 02:30:38 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\JAM Software
[2010.07.09 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\JonDo
[2009.12.02 09:14:57 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Lenovo
[2010.12.15 22:51:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\MotioninJoy
[2010.09.18 20:40:00 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\NeopleLauncherDFO
[2009.12.02 09:36:46 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\OpenOffice.org
[2011.08.28 03:24:12 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PCDr
[2010.04.19 23:14:07 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PeerNetworking
[2010.07.09 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ProxyCap
[2013.06.17 15:20:34 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\QuickScan
[2012.08.09 23:07:20 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Rawo
[2013.03.28 21:20:36 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Riokit
[2009.12.28 04:25:24 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\ScummVM
[2011.02.14 18:30:39 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\SEGA Corporation
[2012.07.09 23:16:28 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Simfy
[2012.08.10 20:48:11 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Tapy
[2012.07.18 23:14:13 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\TeamViewer
[2012.11.24 18:35:07 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\TuneUp Software
[2010.06.28 09:29:46 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Turbine
[2011.08.28 03:22:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Update
[2013.06.18 08:50:03 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\WebCake
[2012.07.21 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Windows Desktop Search
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.07.07 16:25:51 | 000,000,000 | -HSD | M] -- C:\$$PendingFiles
[2013.07.12 18:40:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.11.02 13:10:15 | 000,000,000 | ---D | M] -- C:\AuthLog
[2009.07.21 08:20:37 | 000,000,000 | ---D | M] -- C:\Boot
[2013.06.17 10:53:47 | 000,000,000 | ---D | M] -- C:\ComboFix
[2013.07.08 06:18:03 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.02 08:47:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.10.07 03:03:24 | 000,000,000 | ---D | M] -- C:\f639328a148e7331984ef9155a4470
[2013.06.23 22:33:17 | 000,000,000 | ---D | M] -- C:\Fitness
[2012.12.16 16:14:44 | 000,000,000 | ---D | M] -- C:\Hörbücher
[2009.11.02 13:27:41 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.07.08 06:13:13 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.12 17:51:36 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.12.02 08:47:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.06.17 10:53:44 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009.12.02 08:48:13 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2013.03.01 22:30:51 | 000,000,000 | ---D | M] -- C:\swshare
[2009.12.02 09:44:28 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2013.07.12 20:17:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.06.09 16:20:03 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.12 18:02:55 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.15 14:52:16 | 000,000,000 | ---D | M] -- C:\Windyzone
[2013.06.18 08:49:43 | 000,000,000 | ---D | M] -- C:\_SMA
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2010.05.19 12:13:21 | 000,000,474 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Simon.job
[2011.03.05 22:59:45 | 000,001,092 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.05 22:59:46 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.08.28 03:22:06 | 000,000,466 | ---- | C] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2011.08.28 03:22:07 | 000,000,528 | ---- | C] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.04.03 20:48:25 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.09 09:35:36 | 000,000,412 | -H-- | C] () -- C:\Windows\Tasks\OptimizerPro1UpdaterTask{D2E2FC03-DDE5-4D49-9052-2117A0AB0448}.job
[2012.11.14 05:44:05 | 000,000,406 | -H-- | C] () -- C:\Windows\Tasks\OptimizerProUpdaterTask{452255B1-2A9F-41FC-AED7-0D9A75A0E30C}.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys
[2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_b3c2248a17d99099\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2013.04.17 14:59:04 | 000,633,344 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avc3.sys
[2013.06.19 00:24:57 | 000,242,504 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avchv.sys
[2013.04.17 14:59:04 | 000,486,536 | ---- | M] (BitDefender) Unable to obtain MD5 -- C:\Windows\system32\drivers\avckf.sys
[2013.04.22 13:20:34 | 000,164,952 | ---- | M] (BitDefender LLC) Unable to obtain MD5 -- C:\Windows\system32\drivers\gzflt.sys
[2013.06.22 00:40:03 | 000,355,744 | ---- | M] (BitDefender S.R.L.) Unable to obtain MD5 -- C:\Windows\system32\drivers\trufos.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.07.28 23:36:26 | 000,462,848 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2013.04.30 03:04:27 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2013.04.30 03:04:27 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
< %USERPROFILE%\*.* >
[2013.07.12 19:49:36 | 000,001,024 | ---- | M] () -- C:\Users\Administrator\.rnd
[2013.07.12 21:29:53 | 001,048,576 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
[2013.07.12 21:29:53 | 000,262,144 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG1
[2013.06.09 16:20:04 | 000,000,000 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat.LOG2
[2013.06.09 16:24:36 | 000,065,536 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2013.06.09 16:24:36 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2013.06.09 16:24:36 | 000,524,288 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.06.09 16:20:04 | 000,000,020 | -HS- | M] () -- C:\Users\Administrator\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Lokale Einstellungen] -> Error: Cannot create file handle -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D06A4C76

< End of report >

markusg · 12.07.2013, 20:45

Hi,
das sieht doch schon mal besser aus.

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKU\S-1-5-21-754786082-3646089344-277324070-1003..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Simon\AppData\Local\Temp\malbwenmgphogmjpk.exe (NVIDIA
Corporation)
[2013.07.12 17:51:36 | 001,084,727 | ---- | C] () -- C:\ProgramData\2433f433
:files
C:\Users\Simon\AppData\Local\Temp\malbwenmgphogmjpk.exe
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

starte in den normalen modus.

Wenn du beim start in das betroffene Nutzerkonto keinen Desktop zu sehen bekommst:
Öffne den Taskmanager, anwendungen, neuer Task, tippe:
explorer.exe
enter
teile mir mit, ob dies nötig war.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

SickDerrick · 12.07.2013, 21:19

Hey,
Der Upload hat problemlos geklappt.

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-754786082-3646089344-277324070-1003\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx deleted successfully.
C:\Users\Simon\AppData\Local\Temp\malbwenmgphogmjpk.exe moved successfully.
C:\ProgramData\2433f433 moved successfully.
========== FILES ==========
File\Folder C:\Users\Simon\AppData\Local\Temp\malbwenmgphogmjpk.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 131527 bytes
->Temporary Internet Files folder emptied: 21234716 bytes
->Flash cache emptied: 57144 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Simon
->Temp folder emptied: 718662 bytes
->Temporary Internet Files folder emptied: 421315770 bytes
->Java cache emptied: 154212 bytes
->FireFox cache emptied: 90822097 bytes
->Flash cache emptied: 59858 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45500 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 510,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07122013_215649

Files\Folders moved on Reboot...
C:\Users\Simon\AppData\Local\Temp\gziface1.log moved successfully.
File move failed. C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Beim Neustart hab ich mich zuerst ins Simon-Benutzerkonto eingeloggt, um zu sehen, ob der Trojaner wieder sofort erscheint. Tat er nicht, aber der Desktop erschien auch nicht sofort. Es kam ein cmd.exe Fenster das besagte, dass der Befehl "File\Folder C:\Users\Simon\AppData\Local\Temp\malbwenmgphogmjpk.exe" falsch geschrieben wurde oder nicht existiert und auf jeden Fall nicht gefunden wurde. Dann hab ich das Fenster geschlossen und deinen Tipp beherzigt und mit dem Taskmanager die explorer.exe geöffnet. Dann kam der Desktop ganz normal, aber ich konnte mit meinem IE ausser der STartseite keine anderen Seiten mehr öffnen, da es die ganze Zeit am Laden war. Jetzt bin ich wieder auf Administrator-Benutzerkonto gewechselt und schreib dir von hier aus.

Danke schonmal für dein Engagement.

markusg · 12.07.2013, 22:50

Hi, versuche mal combofix vom admin konto, teste danach, ob du wieder alle Konten normal nutzen kannst:
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

SickDerrick · 13.07.2013, 00:39

Also habs einmal durchlaufen lassen, beim neustart gabs beim simon-benutzerkonto genau die selben problem, wie in meinem vorherigen post beschrieben. auf administrator gewechselt, konnte ich dann dort auch nicht ins internet, es wechselt auch jetzt immer noch zwischen on- und offline. des öfteren erscheint die nachricht, dass ich eine gesicherte internetverbindung aufgebe, sobald auf die angestrebte seite gehe. oder eben dass ich von einer ungesicherten in eine sichere verbindung überwechsle...

aber hier erstmal das combofix-log:

Code:

ATTFilter

ComboFix 13-07-12.01 - Administrator 13.07.2013   1:02.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1031.18.1978.1146 [GMT 2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\1371474774.bdinstall.bin
c:\programdata\1371474849.1604.bin
c:\programdata\1371474849.6100.bin
c:\programdata\1371475169.bdinstall.bin
c:\programdata\1371502663.bdinstall.bin
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\6189c538-c102-424b-b645-3fb824a63826.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\users\Simon\AppData\Roaming\2433f433
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-12 to 2013-07-12  )))))))))))))))))))))))))))))))
.
.
2013-07-12 23:11 . 2013-07-12 23:11	--------	d-----w-	c:\users\Simon\AppData\Local\temp
2013-07-12 23:11 . 2013-07-12 23:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-12 22:50 . 2013-07-12 22:50	--------	d-----w-	c:\users\Administrator\AppData\Local\Macromedia
2013-07-12 22:49 . 2013-07-12 22:49	--------	d-----w-	c:\users\Administrator\AppData\Local\Mozilla
2013-07-12 22:46 . 2013-07-12 22:46	--------	d-----w-	c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-07-12 19:56 . 2013-07-12 20:04	--------	d-----w-	C:\_OTL
2013-07-07 14:25 . 2013-07-07 14:25	--------	d-----w-	C:\$$PendingFiles
2013-07-06 09:22 . 2013-07-06 09:22	--------	d-----w-	c:\programdata\bdch
2013-06-25 14:22 . 2013-03-26 15:18	92112	----a-r-	c:\windows\system32\drivers\acsock.sys
2013-06-23 19:57 . 2013-06-23 20:33	--------	d-----w-	C:\Fitness
2013-06-21 22:40 . 2013-06-21 22:40	355744	----a-w-	c:\windows\system32\drivers\trufos.sys
2013-06-21 14:06 . 2013-06-21 14:07	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-18 23:19 . 2013-05-28 13:05	163328	----a-w-	c:\windows\system32\FlashPlayerUpdateService.exe
2013-06-18 23:19 . 2013-06-18 23:19	--------	d-----w-	c:\users\Simon\AppData\Roaming\File Scout
2013-06-18 22:24 . 2013-06-18 22:24	242504	----a-w-	c:\windows\system32\drivers\avchv.sys
2013-06-17 21:06 . 2013-04-17 12:59	633344	----a-w-	c:\windows\system32\drivers\avc3.sys
2013-06-17 21:06 . 2013-04-17 12:59	486536	----a-w-	c:\windows\system32\drivers\avckf.sys
2013-06-17 14:05 . 2013-06-21 12:48	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-17 14:05 . 2013-06-17 14:05	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-06-17 13:31 . 2013-06-17 13:31	--------	d-----w-	c:\program files\Sophos
2013-06-17 13:20 . 2013-06-17 13:20	--------	d-----w-	c:\users\Simon\AppData\Roaming\QuickScan
2013-06-17 13:19 . 2013-06-17 20:58	--------	d-----w-	c:\program files\Bitdefender
2013-06-17 13:19 . 2013-04-22 11:20	164952	------w-	c:\windows\system32\drivers\gzflt.sys
2013-06-17 01:50 . 2013-07-12 23:12	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 04:32 . 2012-04-03 18:48	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 04:32 . 2011-05-18 14:42	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-08 11:13 . 2013-06-12 09:08	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-05-17 01:25 . 2013-06-12 09:04	1767936	----a-w-	c:\windows\system32\wininet.dll
2013-05-17 01:25 . 2013-06-12 09:04	2877440	----a-w-	c:\windows\system32\jscript9.dll
2013-05-17 01:25 . 2013-06-12 09:04	61440	----a-w-	c:\windows\system32\iesetup.dll
2013-05-17 01:25 . 2013-06-12 09:04	109056	----a-w-	c:\windows\system32\iesysprep.dll
2013-05-14 08:40 . 2013-06-12 09:04	71680	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-05-13 04:45 . 2013-06-12 01:27	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 01:27	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 01:27	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 01:27	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 01:27	43008	----a-w-	c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-12 01:27	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 01:26	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 01:27	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 01:27	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-01 20:59 . 2013-05-01 20:59	90	----a-w-	c:\windows\DeleteOnReboot.bat
2013-04-30 01:04 . 2013-04-30 01:04	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-30 01:04 . 2013-04-30 01:04	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-04-30 01:04 . 2013-04-30 01:04	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-04-30 01:04 . 2013-04-30 01:04	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-04-30 01:04 . 2013-04-30 01:04	158720	----a-w-	c:\windows\system32\msls31.dll
2013-04-30 01:04 . 2013-04-30 01:04	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-04-30 01:04 . 2013-04-30 01:04	138752	----a-w-	c:\windows\system32\wextract.exe
2013-04-30 01:04 . 2013-04-30 01:04	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-30 01:04 . 2013-04-30 01:04	12800	----a-w-	c:\windows\system32\mshta.exe
2013-04-30 01:04 . 2013-04-30 01:04	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-30 01:04 . 2013-04-30 01:04	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-30 01:04 . 2013-04-30 01:04	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-04-30 01:04 . 2013-04-30 01:04	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-30 01:04 . 2013-04-30 01:04	361984	----a-w-	c:\windows\system32\html.iec
2013-04-30 01:04 . 2013-04-30 01:04	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-30 01:04 . 2013-04-30 01:04	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-30 01:04 . 2013-04-30 01:04	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-26 04:55 . 2013-06-12 01:27	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 01:27	1505280	----a-w-	c:\windows\system32\d3d11.dll
2013-04-17 07:02 . 2013-06-12 01:27	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-02-01 23:23 . 2013-02-01 23:23	262552	------w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-09 176128]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcWin7Hlpr.exe" [2009-09-08 274432]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"HostManager"="c:\program files\Common Files\AOL\1291204051\ee\AOLSoftware.exe" [2010-03-08 41800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-03-26 703888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-06-26 50816]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2013-03-26 92112]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-08-31 106496]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-04-17 486536]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2012-04-13 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-06-21 40776]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-10 3390312]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-01 1343400]
R3 XDva365;XDva365;c:\windows\system32\XDva365.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-04-22 670816]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-04-17 633344]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-04-17 108008]
S1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-04-22 164952]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-08-31 1692920]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-06-03 3085264]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-08-31 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-03-26 555408]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [2013-06-07 23552]
S3 ALSysIO;ALSysIO;c:\users\Simon\AppData\Local\Temp\ALSysIO.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 81680]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:05]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 20:59]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 20:59]
.
2013-07-12 c:\windows\Tasks\Norton Security Scan for Simon.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-19 07:48]
.
2013-07-12 c:\windows\Tasks\OptimizerPro1UpdaterTask{D2E2FC03-DDE5-4D49-9052-2117A0AB0448}.job
- c:\programdata\Premium\OptimizerPro1\OptimizerPro1.exe [2012-10-09 12:31]
.
2013-07-12 c:\windows\Tasks\OptimizerProUpdaterTask{452255B1-2A9F-41FC-AED7-0D9A75A0E30C}.job
- c:\programdata\Premium\OptimizerPro\OptimizerPro.exe [2012-11-14 14:50]
.
2013-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-07-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://ciscovpn.rrze.uni-erlangen.de/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - ExtSQL: 2013-05-28 18:09; ftdownloader4@ftdownloader.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\extensions\ftdownloader4@ftdownloader.com.xpi
FF - ExtSQL: 2013-06-12 00:13; plugin@getwebcake.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\extensions\plugin@getwebcake.com
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 9a91507b00000000000000ffda74b58f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15827
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.164:37
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extentions.webcake.installId - 2cad9307-23ef-46a9-a8f7-2453fc646a89
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-754786082-3646089344-277324070-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:c0,08,37,f8,1c,65,ce,01
.
[HKEY_USERS\S-1-5-21-754786082-3646089344-277324070-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,0f,39,40,89,38,53,4b,8b,d6,39,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,0f,39,40,89,38,53,4b,8b,d6,39,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4868)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
.
Completion time: 2013-07-13  01:14:09
ComboFix-quarantined-files.txt  2013-07-12 23:14
ComboFix2.txt  2013-07-12 22:21
ComboFix3.txt  2013-06-17 08:53
.
Pre-Run: 18 Verzeichnis(se), 147.375.067.136 Bytes frei
Post-Run: 20 Verzeichnis(se), 147.092.426.752 Bytes frei
.
- - End Of File - - 87FB5D2109AE98CD5D7AC9B69630CE4D
CF75DA49CB260FAC7253A4661CBD80AA

ryder · 15.07.2013, 20:23

Hi

markus ist derzeit nicht da und ich helfe dir weiter. Bitte poste mir eine Datei:

Liste der installierten Programme (Combofix)

Bitte suche und poste mir die folgende Datei:
c:\Qoobox\Add-Remove Programs.txt

SickDerrick · 15.07.2013, 20:55

Hey, vielen Dank, dass du mir weiterhilfst. Hier die Text-Datei:

Code:

ATTFilter

 Registry Patch to arrange icons in Device and Printers folder of Windows 7
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Access Help
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Deutsch
Age of Wushu
Amazon MP3-Downloader 1.0.9
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Media Foundation Decoders
Anzeige am Bildschirm
AOL Uninstaller (Choose which Products to Remove)
ASIO4ALL
AT&T Service Activation
ATI Uninstaller
Bandisoft MPEG-1 Decoder
Bitdefender Antivirus Free Edition
Business Contact Manager für Outlook 2007 SP2
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help English
CCleaner
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 
Click to Call with Skype
Client Security - Password Manager
Conexant 20561 SmartAudio HD
Core Temp version 0.99.8
Create Recovery Media
Delta Chrome Toolbar
Delta toolbar  
Dienstprogramm "ThinkPad UltraNav"
DirectX 9 Runtime
DivX-Setup
DivX Converter
DivX Plus DirectShow Filters
DriverAgent by eSupport.com
ffdshow v1.2.4422 [2012-04-09]
FL Studio 10
FTDownloader
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
ICQ7.6
IL Download Manager
Intel(R) Management Engine Interface
InterVideo WinDVD 8
Java Auto Updater
Java(TM) 6 Update 37
Junk Mail filter update
Lenovo Fingerprint Software
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome
Malwarebytes Anti-Malware Version 1.75.0.1300
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Research AutoCollage Touch 2009
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mobile Broadband Connect
Mozilla Firefox 18.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
OpenVPN 2.3.2-I001 
OptimizerPro1
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
RICOH R5U8xx Media Driver ver.3.64.02
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Spelling Dictionaries Support For Adobe Reader 9
SPSS 15.0 für Windows [Auswertung Version]
SUPERAntiSpyware
System Requirements Lab
System Requirements Lab CYRI
System Update
TAP-Windows 9.9.2
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad Energie-Manager
ThinkPad FullScreen Magnifier
ThinkPad Modem Adapter
ThinkPad Power Management Driver
ThinkPad UltraNav Driver
ThinkVantage Access Connections
ThinkVantage System für aktiven Festplattenschutz
TreeSize Professional V5.5.5
TVUPlayer 2.5.3.1
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Verizon Wireless Mobile Broadband Self Activation
VLC media player 1.0.3
WebCake 3.00
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (07/07/2009 8.1.2.56)
Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55)
Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc  (06/25/2009 6.10.01.03)
Windows-Treiberpaket - Ricoh Company (rismxdp) hdc  (06/25/2009 6.10.01.04)
Windows-Treiberpaket - Ricoh Company MMC Host Controller (06/25/2009 6.10.01.03)
Windows-Treiberpaket - Sonix (SNP2UVC) Image  (08/03/2009 5.8.53003.0)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
WinRAR

ryder · 15.07.2013, 21:03

Klaro,

wir müssen da noch erstmal noch ein wenig aufräumen bevor wir klarer sehen:

Schritt 1: (Erinnerung: Antworte mir erst, wenn du alle Schritte abgearbeitet hast!)
Deinstalliere die folgenden Programme:

Zitat:

Delta Chrome Toolbar
Delta toolbar
FTDownloader
IL Download Manager
OptimizerPro1
WebCake 3.00

Schritt 2:
AdwCleaner: Werbeprogramme suchen und löschen
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3:
AdwCleaner wiederholen
Die vorliegende Version der Werbeprogramme ist ziemlich hartnäckig und kann von AdwCleaner erfahrungsgemäss nur bei zweimaliger Anwendung entfernt werden. Also wiederhole diesen Schritt bitte und poste auch das Logfile.

Schritt 4:
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Combofix wird überprüfen, ob die Microsoft Windows Wiederherstellungskonsole installiert ist.
Ist diese nicht installiert, erlaube Combofix diese herunter zu laden und zu installieren. Folge dazu einfach den Anweisungen und aktzeptiere die Endbenutzer-Lizenz.
Bei heutiger Malware ist dies sehr empfehlenswert, da diese uns eine Möglichkeit bietet, dein System zu reparieren, falls etwas schief geht.
Bestätige die Information, dass die Wiederherstellungskonsole installiert wurde mit Ja.
Hinweis: Ist diese bereits installiert, wird Combofix mit der Malwareentfernung fortfahren.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es eine Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

SickDerrick · 15.07.2013, 21:59

erste Adwcleaner Logdatei:

Code:

ATTFilter

# AdwCleaner v2.305 - Datei am 15/07/2013 um 22:11:50 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Simon - SIMON-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Simon\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\extensions\ftdownloader4@ftdownloader.com.xpi
Datei Gelöscht : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\searchplugins\BrowserProtect.xml
Gelöscht mit Neustart : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Simon\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Simon\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Simon\AppData\Roaming\file scout
Ordner Gelöscht : C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\5257d7d8b13ceb13
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\5257d7d8b13ceb13
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\prefs.js

C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.50a31381784b4.scode", "if(window.self==window.top){var script=document.createE[...]

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1zuexhto.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [25638 octets] - [01/05/2013 22:58:15]
AdwCleaner[S1].txt - [25646 octets] - [01/05/2013 22:59:23]
AdwCleaner[S2].txt - [11093 octets] - [15/07/2013 22:11:50]

########## EOF - C:\AdwCleaner[S2].txt - [11154 octets] ##########

zweite Adwcleaner Logdatei:

Code:

ATTFilter

# AdwCleaner v2.305 - Datei am 15/07/2013 um 22:16:25 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Simon - SIMON-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Simon\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\Premium

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\1zuexhto.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [25638 octets] - [01/05/2013 22:58:15]
AdwCleaner[S1].txt - [25646 octets] - [01/05/2013 22:59:23]
AdwCleaner[S2].txt - [11224 octets] - [15/07/2013 22:11:50]
AdwCleaner[S3].txt - [1088 octets] - [15/07/2013 22:16:25]

########## EOF - C:\AdwCleaner[S3].txt - [1148 octets] ##########

und die Combofix Logdatei:

Code:

ATTFilter

ComboFix 13-07-15.01 - Simon 15.07.2013  22:27:09.4.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1031.18.1978.1030 [GMT 2:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1373792156.bdinstall.bin
c:\programdata\1373792157.bdinstall.bin
c:\programdata\1373918766.bdinstall.bin
c:\programdata\1373918769.bdinstall.bin
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-15 to 2013-07-15  )))))))))))))))))))))))))))))))
.
.
2013-07-15 20:38 . 2013-07-15 20:38	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-15 20:38 . 2013-07-15 20:38	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-07-15 19:13 . 2013-07-15 19:13	263576	----a-w-	c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2013-07-15 19:13 . 2013-07-15 19:13	26520	----a-w-	c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-07-12 23:11 . 2013-07-15 20:39	--------	d-----w-	c:\users\Simon\AppData\Local\temp
2013-07-12 22:50 . 2013-07-12 22:50	--------	d-----w-	c:\users\Administrator\AppData\Local\Macromedia
2013-07-12 22:49 . 2013-07-12 22:49	--------	d-----w-	c:\users\Administrator\AppData\Local\Mozilla
2013-07-12 22:46 . 2013-07-13 09:17	--------	d-----w-	c:\users\Administrator\AppData\Local\ElevatedDiagnostics
2013-07-12 19:56 . 2013-07-12 20:04	--------	d-----w-	C:\_OTL
2013-07-07 14:25 . 2013-07-07 14:25	--------	d-----w-	C:\$$PendingFiles
2013-07-06 09:22 . 2013-07-06 09:22	--------	d-----w-	c:\programdata\bdch
2013-06-25 14:22 . 2013-03-26 15:18	92112	----a-r-	c:\windows\system32\drivers\acsock.sys
2013-06-23 19:57 . 2013-06-23 20:33	--------	d-----w-	C:\Fitness
2013-06-21 14:06 . 2013-06-21 14:07	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-18 23:19 . 2013-05-28 13:05	163328	----a-w-	c:\windows\system32\FlashPlayerUpdateService.exe
2013-06-17 14:05 . 2013-06-21 12:48	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-17 14:05 . 2013-06-17 14:05	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2013-06-17 13:31 . 2013-06-17 13:31	--------	d-----w-	c:\program files\Sophos
2013-06-17 13:20 . 2013-06-17 13:20	--------	d-----w-	c:\users\Simon\AppData\Roaming\QuickScan
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 20:16 . 2013-05-01 20:59	270	----a-w-	c:\windows\DeleteOnReboot.bat
2013-06-12 04:32 . 2012-04-03 18:48	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 04:32 . 2011-05-18 14:42	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 04:45 . 2013-06-12 01:27	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 01:27	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 04:45 . 2013-06-12 01:27	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 03:08 . 2013-06-12 01:27	903168	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 01:27	43008	----a-w-	c:\windows\system32\certenc.dll
2013-05-10 03:20 . 2013-06-12 01:27	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-08 05:38 . 2013-06-12 01:26	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06 . 2013-06-12 01:27	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06 . 2013-06-12 01:27	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-26 04:55 . 2013-06-12 01:27	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-04-25 23:30 . 2013-06-12 01:27	1505280	----a-w-	c:\windows\system32\d3d11.dll
2013-04-17 07:02 . 2013-06-12 01:27	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-01-21 110352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [BU]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-09 176128]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"TpShocks"="TpShocks.exe" [2009-07-08 337184]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcWin7Hlpr.exe" [2009-09-08 274432]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 3089720]
"HostManager"="c:\program files\Common Files\AOL\1291204051\ee\AOLSoftware.exe" [2010-03-08 41800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-03-26 703888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ProxyCap"=c:\progra~1\PROXYL~1\ProxyCap\ProxyCap.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
"Validator"=c:\users\Simon\AppData\Roaming\WinRAR\{4EBE2FE9-7913-40AA-BDA8-9B0B82B450C8}\Validator.exe
"epic.exe"=c:\users\Simon\AppData\Roaming\Rawo\epic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2013-03-26 92112]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-08-31 106496]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2012-04-13 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-06-21 40776]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-05-10 3390312]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-01 1343400]
R3 XDva365;XDva365;c:\windows\system32\XDva365.sys [x]
R3 XDva388;XDva388;c:\windows\system32\XDva388.sys [x]
R3 XDva389;XDva389;c:\windows\system32\XDva389.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-04-22 670816]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 176128]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-08-31 1692920]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-08-31 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-03-26 555408]
S3 ALSysIO;ALSysIO;c:\users\Simon\AppData\Local\Temp\ALSysIO.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 81680]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:05]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 20:59]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 20:59]
.
2013-07-15 c:\windows\Tasks\Norton Security Scan for Simon.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-19 07:48]
.
2013-07-15 c:\windows\Tasks\OptimizerPro1UpdaterTask{D2E2FC03-DDE5-4D49-9052-2117A0AB0448}.job
- c:\programdata\Premium\OptimizerPro1\OptimizerPro1.exe [2012-10-09 12:31]
.
2013-07-15 c:\windows\Tasks\OptimizerProUpdaterTask{452255B1-2A9F-41FC-AED7-0D9A75A0E30C}.job
- c:\programdata\Premium\OptimizerPro\OptimizerPro.exe [2012-11-14 14:50]
.
2013-07-01 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-07-15 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = -
uInternet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
Trusted Zone: uni-erlangen.de\vpn.rrze
TCP: DhcpNameServer = 192.168.2.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://ciscovpn.rrze.uni-erlangen.de/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\vtsy7iid.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-754786082-3646089344-277324070-1003\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{4086155B-7245-4538-9C82-F9983ECFC4A4}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,0c,91,
   5d,75,29,51,08,88,8b,a6,c6,38,88,87,b8
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,22,3a,
   50,8e,32,13,0a,84,fc,a2,85,03,72,3a,69
.
[HKEY_USERS\S-1-5-21-754786082-3646089344-277324070-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7e,35,64,30,0a,5b,c7,d5,8b,a5,1c,b7,d0,95,c7,93,eb,b1,ce,8e,41,6d,0e,
   17,28,3a,df,36,60,0f,c8,0c,e9,ed,95,7e,eb,37,88,e7,2a,a6,74,77,0b,54,78,c9,\
"??"=hex:c7,33,65,61,e4,68,64,c9,bb,f9,b4,12,7b,25,27,10
.
[HKEY_USERS\S-1-5-21-754786082-3646089344-277324070-1003\Software\SecuROM\License information*]
"datasecu"=hex:10,98,08,b6,85,7c,9f,ab,f6,08,b5,8c,fc,4f,76,83,fe,12,da,77,37,
   0d,64,a1,1a,4e,fb,13,b0,3c,88,0a,d4,6e,3f,e8,8c,ac,9f,46,35,62,68,d4,b0,f2,\
"rkeysecu"=hex:3f,e2,d5,58,e7,66,1b,55,cb,6d,2a,f3,c5,39,d0,21
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-15  22:47:28
ComboFix-quarantined-files.txt  2013-07-15 20:47
ComboFix2.txt  2013-07-12 23:14
ComboFix3.txt  2013-07-12 22:21
ComboFix4.txt  2013-06-17 08:53
.
Pre-Run: 19 Verzeichnis(se), 146.274.627.584 Bytes frei
Post-Run: 20 Verzeichnis(se), 146.303.315.968 Bytes frei
.
- - End Of File - - B4D395B28E8F8E91785B72A9BD067B61
CF75DA49CB260FAC7253A4661CBD80AA

ryder · 16.07.2013, 10:02

Wir habens fast geschafft:

Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Folder::
c:\program files\PC-Doctor
c:\programdata\Premium
c:\program files\Norton Security Scan
c:\users\Simon\AppData\Roaming\Rawo


File::
c:\windows\Tasks\Norton Security Scan for Simon.job
c:\windows\Tasks\OptimizerPro1UpdaterTask{D2E2FC03-DDE5-4D49-9052-2117A0AB0448}.job
c:\windows\Tasks\OptimizerProUpdaterTask{452255B1-2A9F-41FC-AED7-0D9A75A0E30C}.job
c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
c:\windows\Tasks\SystemToolsDailyTest.job

ClearJavaCache::
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

SickDerrick · 16.07.2013, 11:12

Das Log war zu lang, deswegen hab ichs als Zip-Datei hinzugefügt. Hoffe das passt so.

15.07.2013, 20:23	#10
ryder /// TB-Ausbilder	GVU Trojaner lässt mich nicht in den Abgesicherten Modus Hi markus ist derzeit nicht da und ich helfe dir weiter. Bitte poste mir eine Datei: Liste der installierten Programme (Combofix) Bitte suche und poste mir die folgende Datei: c:\Qoobox\Add-Remove Programs.txt __________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM!

GVU Trojaner lässt mich nicht in den Abgesicherten Modus

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner lässt mich nicht in den Abgesicherten Modus