Trojaner-Board - searchqu/413 auf Chrome und Explorer+PUP. Keylogger und PUP. ChromepasswordTool

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - searchqu/413 auf Chrome und Explorer+PUP. Keylogger und PUP. ChromepasswordTool (https://www.trojaner-board.de/109245-searchqu-413-chrome-explorer-pup-keylogger-pup-chromepasswordtool.html)

searchqu/413 auf Chrome und Explorer+PUP. Keylogger und PUP. ChromepasswordTool

Hallo zusammen!
habe mir wohl in der letzten Woche den search qu 413 eingefangen und möchte ihn wieder loswerden, zudem hatte ich bei Überprüfung durch malwarebytes PUP Keyloger und ChromepasswordTool auf dem Rechner.
Durch google bin ich auf diese Seite gelangt, da andere User den search qu 406 hatten und ich mir aber nicht sicher bin ob ich genau so vorgehen kann wie dort beschrieben, deswegen hier die Logfiles:

Anhang 28822

Und fürs Forum hier gleich die OTL Datei:

Code:

OTL logfile created on: 05.02.2012 16:35:28 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,62% Memory free

8,22 Gb Paging File | 6,16 Gb Available in Paging File | 74,96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596,17 Gb Total Space | 442,60 Gb Free Space | 74,24% Space Free | Partition Type: NTFS

Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: *** | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()

PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll ()

MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll ()

MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll ()

MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll ()

MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll ()

MOD - C:\Users\***\AppData\Local\Google\Chrome\APPLIC~1\160912~1.77\gcswf32.dll ()

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )

DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)

DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics)

DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alternate.net [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/413

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

 

[2011.09.24 10:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.08.08 19:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.08.05 15:44:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.08.05 15:44:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=413&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows Searchqu Toolbar" File not found

O4 - HKLM..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar" File not found

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B05CF0A-726B-4156-9560-6EF79C9EE66D}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.05 16:02:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com

[2012.02.04 20:53:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.02.04 20:52:30 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2012.02.04 20:52:29 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2012.02.04 20:52:29 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2012.02.04 20:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012

[2012.02.04 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2012.02.04 20:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012

[2012.02.04 20:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012.02.04 20:50:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012.02.04 20:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012.02.03 16:18:30 | 000,311,296 | ---- | C] (FLV.com) -- C:\Windows\SysWow64\TubeFinder.exe

[2012.02.03 16:18:29 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX

[2012.02.03 16:18:29 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL

[2012.02.03 16:18:29 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL

[2012.02.03 16:18:29 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL

[2012.02.03 16:18:29 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX

[2012.02.03 16:18:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL

[2012.02.03 16:18:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL

[2012.02.03 16:18:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar

[2012.02.03 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FreeFLVConverter

[2012.02.03 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter

[2012.01.31 06:40:36 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012.01.31 06:40:36 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012.01.26 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ZIMMER

[2012.01.23 06:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2012.01.18 11:56:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR

[2012.01.11 10:27:46 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012.01.11 10:27:46 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012.01.11 10:27:46 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012.01.11 10:27:46 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012.01.11 10:27:45 | 001,585,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012.01.11 10:27:43 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmm.dll

[2012.01.11 10:27:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcicda.dll

[2012.01.11 10:27:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciwave.dll

[2012.01.11 10:27:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mciseq.dll

[2012.01.11 10:27:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciseq.dll

[2012.01.11 10:27:37 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012.01.11 10:27:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012.01.11 10:27:28 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.05 16:05:28 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2012.02.05 16:02:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Guiseppe\Desktop\dds.com

[2012.02.05 16:00:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe

[2012.02.05 15:42:59 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302328129-1709802029-363408948-1000UA.job

[2012.02.05 15:27:54 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.05 15:27:54 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.05 12:43:15 | 000,010,582 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt 1.odt

[2012.02.05 11:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.04 20:53:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Guiseppe\Desktop\OTL.exe

[2012.02.04 20:49:10 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.02.04 20:49:10 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.02.04 20:49:10 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.02.04 20:49:10 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.02.04 20:49:10 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.02.04 20:42:14 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys

[2012.02.03 17:14:56 | 000,127,053 | ---- | M] () -- C:\Users\***\Desktop\The-best-top-hd-desktop-katy-perry-wallpaper-katy-perry-wallpapers-17.jpg

[2012.02.01 18:33:27 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302328129-1709802029-363408948-1000Core.job

[2012.01.31 19:49:24 | 000,336,416 | ---- | M] () -- C:\Users\***\Desktop\Bild.png

[2012.01.29 22:40:30 | 000,011,372 | ---- | M] () -- C:\Users\***\Documents\Das letzte Los.odt

[2012.01.29 21:47:26 | 000,085,826 | ---- | M] () -- C:\Users\***\Desktop\house-arrest-im-loft.jpg

[2012.01.11 00:14:38 | 001,539,214 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.05 16:05:28 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2012.02.05 16:00:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe

[2012.02.05 12:43:13 | 000,010,582 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt 1.odt

[2012.02.04 20:52:25 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk

[2012.02.03 17:14:58 | 000,127,053 | ---- | C] () -- C:\Users\***\Desktop\The-best-top-hd-desktop-katy-perry-wallpaper-katy-perry-wallpapers-17.jpg

[2012.02.03 16:18:29 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx

[2012.02.03 16:18:29 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb

[2012.02.03 16:18:29 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx

[2012.01.31 19:49:23 | 000,336,416 | ---- | C] () -- C:\Users\***\Desktop\Bild.png

[2012.01.29 22:40:29 | 000,011,372 | ---- | C] () -- C:\Users\***\Documents\Das letzte Los.odt

[2012.01.29 21:47:30 | 000,085,826 | ---- | C] () -- C:\Users\***\Desktop\house-arrest-im-loft.jpg

[2011.10.09 00:21:53 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.11 10:46:21 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.09.11 10:46:14 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.10 22:50:13 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{70CBAA94-059B-44D5-A0E0-6D37BCE6A92D}

[2011.08.05 15:52:43 | 001,539,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.06.25 15:15:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.06.25 15:14:57 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.06.25 15:14:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.06.25 00:09:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.06.24 13:54:14 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe

[2011.06.24 08:11:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011.06.24 00:05:02 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat

[2011.06.15 01:52:02 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.06.21 07:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe

[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

 
 ========== LOP Check ==========

 

[2011.10.13 14:31:05 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#

[2011.08.05 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock

[2011.08.05 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2

[2012.01.26 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2011.11.20 19:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.02.03 16:25:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter

[2011.06.25 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech

[2011.10.11 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON

[2011.08.08 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2011.06.24 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera

[2011.11.24 20:16:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10

[2012.02.04 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2011.07.29 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity

[2011.08.06 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net

[2012.02.03 18:34:20 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 504 bytes -> C:\ProgramData\TEMP:05EE1EEF
 

< End of report >

Und die OTL Extras:

Code:

OTL Extras logfile created on: 05.02.2012 16:35:28 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,62% Memory free

8,22 Gb Paging File | 6,16 Gb Available in Paging File | 74,96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596,17 Gb Total Space | 442,60 Gb Free Space | 74,24% Space Free | Partition Type: NTFS

Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: *** | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = A7 F4 C9 53 1D 3B CC 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{982A8258-3729-4D31-AB72-4CC24CBAE4EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{B8CD1C8C-723E-49E8-817B-FD6EC38BAF8F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C146CD6-75A1-427E-BAB7-16FA1C98CFA0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{670C27B7-B5E5-48B6-986F-B0972F7DBEC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{77EF30DF-A1F9-47DD-9D37-7168482FDD14}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{843605CF-3ED1-4D77-B052-A4959292C2AA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{9B972ED0-F9FC-47BF-AA49-F25F4FC9E364}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{A500C0B1-F84C-4152-AE5E-967D80D3B68E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 

"{AC064E12-EE1C-4118-8D57-F14700F190CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{B8506FDB-63AC-4EF9-AEFF-D9E3C937A5D0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{D114FE7B-8F46-47E1-A7F6-09FEC5E6CB94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"{EC217904-2981-479F-AB67-0118840AC073}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 

"TCP Query User{AE3FC74A-376E-411F-8BBB-054AE14131EC}C:\users\guiseppe\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\guiseppe\appdata\local\google\chrome\application\chrome.exe | 

"UDP Query User{496BBB7B-FEB6-43AA-8485-A702F6846F0D}C:\users\guiseppe\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\guiseppe\appdata\local\google\chrome\application\chrome.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.50

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.50

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.50

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.1

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29

"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE

"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0905.1

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)

"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock

"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Afterburner" = MSI Afterburner 2.0.0

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.3

"dlanconf" = devolo MicroLink dLAN Konfigurations-Assistent

"dslmon" = devolo MicroLink Informer

"easyclean" = devolo EasyClean

"easyshare" = devolo MicroLink EasyShare

"Free Studio_is1" = Free Studio version 5.2.1

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"PROHYBRIDR" = 2007 Microsoft Office system

"Samsung CLP-310 Series" = Samsung CLP-310 Series

"Steam App 72850" = The Elder Scrolls V: Skyrim

"TIPP10_is1" = TIPP10 Version 2.1.0

"TuneUp Utilities 2012" = TuneUp Utilities 2012

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"UnityWebPlayer" = Unity Web Player

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 02.02.2012 11:17:09 | Computer Name = ***| Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 02.02.2012 11:17:09 | Computer Name = ***| Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1061

 

Error - 02.02.2012 11:17:09 | Computer Name = *** | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

 

Error - 03.02.2012 09:22:08 | Computer Name = *** | Source = WinMgmt | ID = 10

Description = 

 

Error - 03.02.2012 09:28:27 | Computer Name = *** | Source = Application Hang | ID = 1002

Description = Programm chrome.exe, Version 16.0.912.77 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: b1c  Anfangszeit: 01cce276a552b09d  Zeitpunkt der Beendigung:

 5

 

Error - 03.02.2012 10:10:44 | Computer Name = *** | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.02.2012 15:43:26 | Computer Name = *** | Source = WinMgmt | ID = 10

Description = 

 

Error - 04.02.2012 22:49:17 | Computer Name = *** | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 04.02.2012 22:49:17 | Computer Name = ***| Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1061

 

Error - 04.02.2012 22:49:17 | Computer Name = *** | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1061

 

[ System Events ]

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 05.07.2011 10:27:09 | Computer Name = *** | Source = Microsoft-Windows-Servicing | ID = 4375

Description = 

 

Error - 06.07.2011 06:11:23 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 06.07.2011 06:11:23 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = 

 

 

< End of report >

Bzw. den Malwarereport:

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.05.02
 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 7.0.6002.18005

*** :: *** [Administrator]
 

Schutz: Aktiviert
 

05.02.2012 17:04:22

mbam-log-2012-02-05 (17-04-22).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 339741

Laufzeit: 44 Minute(n), 19 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Users\***\Downloads\refog_setup_kl_641.exe (PUP.Keylogger) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\***\Downloads\chromepass121\ChromePass.exe (PUP.ChromePasswordTool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Greets Berserk

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Hallo Cosinus, Nein da muss ich dich leider enttäuschen, das ist der erste Scan, bisher hatte ich keine Viren auf meinem PC, das ist das erste Mal...

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo Cosinus, hier ist der ESET Scan:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ad5c56207c53d340ba042a06a0434021

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-06 09:16:56

# local_time=2012-02-06 10:16:56 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1797 16775165 100 94 19983 65091498 13843 0

# compatibility_mode=5892 16776638 100 56 19625796 166083541 0 0

# compatibility_mode=8192 67108863 100 0 3782 3782 0 0

# scanned=149016

# found=2

# cleaned=0

# scan_time=3380

C:\Users\***\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Users\***\Downloads\SoftonicDownloader_fuer_furmark.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I

Danke schonmal für die schnelle Antwort ;)

Zitat:

C:\Users\***\Downloads\SoftonicDownloader_fuer_furmark.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hey Cosinus, vielen Dank hier nochmal die neue OTL-Datei

Code:

OTL logfile created on: 07.02.2012 16:32:17 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 55,73% Memory free

8,22 Gb Paging File | 6,36 Gb Available in Paging File | 77,42% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 596,17 Gb Total Space | 440,44 Gb Free Space | 73,88% Space Free | Partition Type: NTFS

Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

 

Computer Name: *** | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()

PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV:64bit: - (cpuz135) -- C:\Windows\SysNative\drivers\cpuz135_x64.sys (CPUID)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )

DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)

DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys (Samsung Electronics)

DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/413

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

 

[2011.09.24 10:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.08.08 19:50:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.08.05 15:44:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.08.05 15:44:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=413&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Guiseppe\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Guiseppe\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\

CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2302328129-1709802029-363408948-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-2302328129-1709802029-363408948-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKU\S-1-5-21-2302328129-1709802029-363408948-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKU\S-1-5-21-2302328129-1709802029-363408948-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2302328129-1709802029-363408948-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O15 - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)

O15 - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B05CF0A-726B-4156-9560-6EF79C9EE66D}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.06 21:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.02.06 17:13:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Logfiles

[2012.02.05 17:02:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012.02.05 17:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.02.05 17:01:54 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.02.05 17:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.02.05 16:02:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com

[2012.02.04 20:53:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.02.04 20:52:30 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe

[2012.02.04 20:52:29 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll

[2012.02.04 20:52:29 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[2012.02.04 20:52:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012

[2012.02.04 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2012.02.04 20:52:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012

[2012.02.04 20:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012.02.04 20:50:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012.02.04 20:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012.02.03 16:18:30 | 000,311,296 | ---- | C] (FLV.com) -- C:\Windows\SysWow64\TubeFinder.exe

[2012.02.03 16:18:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FreeFLVConverter

[2012.02.03 16:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter

[2012.01.26 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ZIMMER

[2012.01.23 06:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2012.01.18 11:56:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.07 16:32:43 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302328129-1709802029-363408948-1000Core.job

[2012.02.07 16:26:40 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2302328129-1709802029-363408948-1000UA.job

[2012.02.07 16:26:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.06 22:10:42 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.06 22:10:42 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.06 16:55:11 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.02.06 16:55:11 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.02.06 16:55:11 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.02.06 16:55:11 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.02.06 16:55:11 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.02.05 17:01:56 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.05 16:05:28 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable

[2012.02.05 16:02:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com

[2012.02.05 16:00:12 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe

[2012.02.05 12:43:15 | 000,010,582 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt 1.odt

[2012.02.04 20:53:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.02.03 17:14:56 | 000,127,053 | ---- | M] () -- C:\Users\***\Desktop\The-best-top-hd-desktop-katy-perry-wallpaper-katy-perry-wallpapers-17.jpg

[2012.01.31 19:49:24 | 000,336,416 | ---- | M] () -- C:\Users\***\Desktop\Bild.png

[2012.01.29 22:40:30 | 000,011,372 | ---- | M] () -- C:\Users\***\Documents\Das letzte Los.odt

[2012.01.29 21:47:26 | 000,085,826 | ---- | M] () -- C:\Users\***\Desktop\house-arrest-im-loft.jpg

[2012.01.11 00:14:38 | 001,539,214 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.05 17:01:56 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.05 16:05:28 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable

[2012.02.05 16:00:12 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe

[2012.02.05 12:43:13 | 000,010,582 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt 1.odt

[2012.02.04 20:52:25 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk

[2012.02.03 17:14:58 | 000,127,053 | ---- | C] () -- C:\Users\***\Desktop\The-best-top-hd-desktop-katy-perry-wallpaper-katy-perry-wallpapers-17.jpg

[2012.02.03 16:18:29 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx

[2012.02.03 16:18:29 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb

[2012.02.03 16:18:29 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx

[2012.01.31 19:49:23 | 000,336,416 | ---- | C] () -- C:\Users\***\Desktop\Bild.png

[2012.01.29 22:40:29 | 000,011,372 | ---- | C] () -- C:\Users\***\Documents\Das letzte Los.odt

[2012.01.29 21:47:30 | 000,085,826 | ---- | C] () -- C:\Users\***\Desktop\house-arrest-im-loft.jpg

[2011.10.09 00:21:53 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.09.11 10:46:21 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.09.11 10:46:14 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.08.10 22:50:13 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{70CBAA94-059B-44D5-A0E0-6D37BCE6A92D}

[2011.08.05 15:52:43 | 001,539,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.06.25 15:15:22 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.06.25 15:14:57 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.06.25 15:14:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.06.25 00:09:00 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.06.24 13:54:14 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe

[2011.06.24 08:11:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

[2011.06.24 00:05:02 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat

[2011.06.15 01:52:02 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.06.21 07:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe

[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

 
 ========== LOP Check ==========

 

[2011.10.13 14:31:05 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#

[2011.08.05 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock

[2011.08.05 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2

[2012.01.26 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2011.11.20 19:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.02.03 16:25:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter

[2011.06.25 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech

[2011.10.11 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON

[2011.08.08 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2011.06.24 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera

[2011.11.24 20:16:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10

[2012.02.04 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2011.07.29 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity

[2011.08.06 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net

[2012.02.06 16:46:45 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.13 14:31:05 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#

[2011.06.24 12:01:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2011.11.20 19:36:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer

[2011.06.30 10:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira

[2011.08.05 17:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock

[2011.08.05 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2

[2012.01.26 17:31:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2011.11.20 19:17:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.02.03 16:25:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter

[2011.06.24 00:12:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2011.06.24 15:56:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield

[2011.06.25 18:34:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech

[2011.06.24 11:52:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2012.02.05 17:02:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2011.10.11 22:37:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON

[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs

[2011.09.27 16:29:00 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2011.08.01 09:32:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA

[2011.08.08 20:52:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2011.06.24 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera

[2011.08.01 17:52:43 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM

[2011.11.24 20:16:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TIPP10

[2012.02.04 20:52:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2011.07.29 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity

[2011.08.06 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\wargaming.net

[2012.01.18 11:56:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys

[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll

[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll

[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys

[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll

[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll

[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll

[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll

[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll

[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 504 bytes -> C:\ProgramData\TEMP:05EE1EEF
 

< End of report >

PS: Sieht man oben bei den vorangegangenen Posts die Code tags nicht?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/413

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1000\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.alternate.net [binary data]

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2302328129-1709802029-363408948-1001\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=0&systemid=413&sr=0&q={searchTerms}

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKU\S-1-5-21-2302328129-1709802029-363408948-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O4 - HKU\S-1-5-21-2302328129-1709802029-363408948-1001..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

@Alternate Data Stream - 504 bytes -> C:\ProgramData\TEMP:05EE1EEF

:Files

C:\ProgramData\{*

C:\Users\***\AppData\Roaming\.#

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

ll processes killed

========== OTL ==========

HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-2302328129-1709802029-363408948-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2302328129-1709802029-363408948-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully.

C:\Windows\SysWOW64\dvmurl.dll moved successfully.

HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKU\S-1-5-21-2302328129-1709802029-363408948-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2302328129-1709802029-363408948-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ not found.

File C:\Windows\SysWOW64\dvmurl.dll not found.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2302328129-1709802029-363408948-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2302328129-1709802029-363408948-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.

========== FILES ==========

C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} folder moved successfully.

C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.

C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64 folder moved successfully.

C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64 folder moved successfully.

C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} folder moved successfully.

C:\Users\***\AppData\Roaming\.# folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ***

->Temp folder emptied: 13381364 bytes

->Temporary Internet Files folder emptied: 110972194 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 434512290 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 12670 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 1610800 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 236912640 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 3561894989 bytes

 

Total Files Cleaned = 4.157,00 mb

 

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02082012_064625
 

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
 

Registry entries deleted on Reboot...

searchqu 413 ist noch die Startseite beim Öffnen eines Browsers.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

TDSSKiller.exe wurde nach dem Download von Malware als Virus erkannt und entfernt!

Sowas nennt man Fehlalarm.
Virenscanner deaktivieren, TDSS-Killer nach o.g. Anlietung ausführen

TDSS.Killer:

Code:

15:52:44.0716 3784        TDSS rootkit removing tool 2.7.11.0 Feb  9 2012 10:12:57

15:52:44.0819 3784        ============================================================

15:52:44.0819 3784        Current date / time: 2012/02/10 15:52:44.0819

15:52:44.0819 3784        SystemInfo:

15:52:44.0819 3784        

15:52:44.0819 3784        OS Version: 6.0.6002 ServicePack: 2.0

15:52:44.0819 3784        Product type: Workstation

15:52:44.0819 3784        ComputerName: ***

15:52:44.0819 3784        UserName: ***

15:52:44.0819 3784        Windows directory: C:\Windows

15:52:44.0819 3784        System windows directory: C:\Windows

15:52:44.0819 3784        Running under WOW64

15:52:44.0819 3784        Processor architecture: Intel x64

15:52:44.0819 3784        Number of processors: 2

15:52:44.0819 3784        Page size: 0x1000

15:52:44.0819 3784        Boot type: Normal boot

15:52:44.0819 3784        ============================================================

15:52:45.0880 3784        Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:52:45.0893 3784        \Device\Harddisk0\DR0:

15:52:45.0894 3784        MBR used

15:52:45.0894 3784        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82

15:52:45.0899 3784        Initialize success

15:52:45.0899 3784        ============================================================

15:53:37.0994 4264        ============================================================

15:53:37.0994 4264        Scan started

15:53:37.0994 4264        Mode: Manual; SigCheck; TDLFS; 

15:53:37.0994 4264        ============================================================

15:53:38.0384 4264        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

15:53:38.0525 4264        ACPI - ok

15:53:38.0587 4264        adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

15:53:38.0634 4264        adp94xx - ok

15:53:38.0650 4264        adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

15:53:38.0654 4264        adpahci - ok

15:53:38.0670 4264        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

15:53:38.0682 4264        adpu160m - ok

15:53:38.0699 4264        adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

15:53:38.0707 4264        adpu320 - ok

15:53:38.0738 4264        AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

15:53:38.0788 4264        AFD - ok

15:53:38.0820 4264        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

15:53:38.0828 4264        agp440 - ok

15:53:38.0847 4264        aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

15:53:38.0857 4264        aic78xx - ok

15:53:38.0879 4264        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

15:53:38.0886 4264        aliide - ok

15:53:38.0895 4264        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

15:53:38.0902 4264        amdide - ok

15:53:38.0915 4264        AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

15:53:39.0040 4264        AmdK8 - ok

15:53:39.0078 4264        arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

15:53:39.0087 4264        arc - ok

15:53:39.0106 4264        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

15:53:39.0115 4264        arcsas - ok

15:53:39.0150 4264        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

15:53:39.0179 4264        AsyncMac - ok

15:53:39.0199 4264        atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

15:53:39.0208 4264        atapi - ok

15:53:39.0234 4264        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

15:53:39.0262 4264        avgntflt - ok

15:53:39.0281 4264        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

15:53:39.0300 4264        avipbb - ok

15:53:39.0320 4264        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

15:53:39.0351 4264        blbdrive - ok

15:53:39.0371 4264        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

15:53:39.0399 4264        bowser - ok

15:53:39.0429 4264        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

15:53:39.0512 4264        BrFiltLo - ok

15:53:39.0523 4264        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

15:53:39.0556 4264        BrFiltUp - ok

15:53:39.0577 4264        Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

15:53:39.0718 4264        Brserid - ok

15:53:39.0733 4264        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

15:53:39.0805 4264        BrSerWdm - ok

15:53:39.0816 4264        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

15:53:39.0876 4264        BrUsbMdm - ok

15:53:39.0891 4264        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

15:53:39.0955 4264        BrUsbSer - ok

15:53:39.0972 4264        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

15:53:40.0036 4264        BTHMODEM - ok

15:53:40.0064 4264        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

15:53:40.0102 4264        cdfs - ok

15:53:40.0122 4264        cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

15:53:40.0150 4264        cdrom - ok

15:53:40.0165 4264        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

15:53:40.0190 4264        circlass - ok

15:53:40.0214 4264        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

15:53:40.0242 4264        CLFS - ok

15:53:40.0304 4264        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

15:53:40.0312 4264        cmdide - ok

15:53:40.0338 4264        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

15:53:40.0346 4264        Compbatt - ok

15:53:40.0380 4264        cpuz135         (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys

15:53:40.0386 4264        cpuz135 - ok

15:53:40.0402 4264        crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

15:53:40.0410 4264        crcdisk - ok

15:53:40.0444 4264        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

15:53:40.0483 4264        DfsC - ok

15:53:40.0503 4264        DgiVecp - ok

15:53:40.0522 4264        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

15:53:40.0535 4264        disk - ok

15:53:40.0567 4264        drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

15:53:40.0597 4264        drmkaud - ok

15:53:40.0635 4264        DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

15:53:40.0673 4264        DXGKrnl - ok

15:53:40.0692 4264        E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

15:53:40.0732 4264        E1G60 - ok

15:53:40.0758 4264        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

15:53:40.0772 4264        Ecache - ok

15:53:40.0795 4264        elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

15:53:40.0810 4264        elxstor - ok

15:53:40.0831 4264        ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

15:53:40.0861 4264        ErrDev - ok

15:53:40.0883 4264        exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

15:53:40.0914 4264        exfat - ok

15:53:40.0933 4264        fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

15:53:40.0961 4264        fastfat - ok

15:53:40.0974 4264        fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

15:53:40.0999 4264        fdc - ok

15:53:41.0015 4264        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

15:53:41.0024 4264        FileInfo - ok

15:53:41.0033 4264        Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

15:53:41.0058 4264        Filetrace - ok

15:53:41.0072 4264        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

15:53:41.0097 4264        flpydisk - ok

15:53:41.0117 4264        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

15:53:41.0128 4264        FltMgr - ok

15:53:41.0146 4264        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

15:53:41.0164 4264        Fs_Rec - ok

15:53:41.0186 4264        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

15:53:41.0221 4264        gagp30kx - ok

15:53:41.0237 4264        gdrv            (6275303610285b57361f03a375062fba) C:\Windows\gdrv.sys

15:53:41.0238 4264        gdrv - ok

15:53:41.0256 4264        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:53:41.0263 4264        GEARAspiWDM - ok

15:53:41.0303 4264        HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys

15:53:41.0333 4264        HdAudAddService - ok

15:53:41.0368 4264        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:53:41.0433 4264        HDAudBus - ok

15:53:41.0460 4264        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

15:53:41.0526 4264        HidBth - ok

15:53:41.0541 4264        HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

15:53:41.0594 4264        HidIr - ok

15:53:41.0619 4264        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

15:53:41.0640 4264        HidUsb - ok

15:53:41.0664 4264        HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

15:53:41.0671 4264        HpCISSs - ok

15:53:41.0707 4264        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

15:53:41.0769 4264        HTTP - ok

15:53:41.0775 4264        i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

15:53:41.0783 4264        i2omp - ok

15:53:41.0803 4264        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

15:53:41.0832 4264        i8042prt - ok

15:53:41.0857 4264        iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

15:53:41.0868 4264        iaStorV - ok

15:53:41.0915 4264        iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

15:53:41.0923 4264        iirsp - ok

15:53:41.0956 4264        IntcAzAudAddService - ok

15:53:41.0978 4264        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

15:53:41.0986 4264        intelide - ok

15:53:42.0011 4264        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

15:53:42.0045 4264        intelppm - ok

15:53:42.0072 4264        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:53:42.0106 4264        IpFilterDriver - ok

15:53:42.0117 4264        IpInIp - ok

15:53:42.0133 4264        IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

15:53:42.0168 4264        IPMIDRV - ok

15:53:42.0186 4264        IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

15:53:42.0258 4264        IPNAT - ok

15:53:42.0351 4264        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

15:53:42.0360 4264        IRENUM - ok

15:53:42.0379 4264        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

15:53:42.0389 4264        isapnp - ok

15:53:42.0411 4264        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

15:53:42.0425 4264        iScsiPrt - ok

15:53:42.0443 4264        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

15:53:42.0453 4264        iteatapi - ok

15:53:42.0459 4264        iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

15:53:42.0469 4264        iteraid - ok

15:53:42.0484 4264        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

15:53:42.0495 4264        kbdclass - ok

15:53:42.0520 4264        kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys

15:53:42.0552 4264        kbdhid - ok

15:53:42.0580 4264        KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

15:53:42.0601 4264        KSecDD - ok

15:53:42.0610 4264        ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

15:53:42.0655 4264        ksthunk - ok

15:53:42.0679 4264        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

15:53:42.0759 4264        lltdio - ok

15:53:42.0779 4264        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

15:53:42.0791 4264        LSI_FC - ok

15:53:42.0813 4264        LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

15:53:42.0824 4264        LSI_SAS - ok

15:53:42.0852 4264        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

15:53:42.0865 4264        LSI_SCSI - ok

15:53:42.0892 4264        luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

15:53:42.0935 4264        luafv - ok

15:53:42.0962 4264        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

15:53:42.0971 4264        MBAMProtector - ok

15:53:43.0000 4264        megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

15:53:43.0011 4264        megasas - ok

15:53:43.0043 4264        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

15:53:43.0073 4264        MegaSR - ok

15:53:43.0081 4264        Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

15:53:43.0123 4264        Modem - ok

15:53:43.0135 4264        monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

15:53:43.0169 4264        monitor - ok

15:53:43.0184 4264        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

15:53:43.0195 4264        mouclass - ok

15:53:43.0210 4264        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

15:53:43.0250 4264        mouhid - ok

15:53:43.0256 4264        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

15:53:43.0269 4264        MountMgr - ok

15:53:43.0291 4264        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

15:53:43.0302 4264        mpio - ok

15:53:43.0318 4264        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

15:53:43.0350 4264        mpsdrv - ok

15:53:43.0388 4264        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

15:53:43.0404 4264        Mraid35x - ok

15:53:43.0404 4264        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

15:53:43.0423 4264        MRxDAV - ok

15:53:43.0451 4264        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:53:43.0478 4264        mrxsmb - ok

15:53:43.0508 4264        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:53:43.0526 4264        mrxsmb10 - ok

15:53:43.0550 4264        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:53:43.0565 4264        mrxsmb20 - ok

15:53:43.0587 4264        msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys

15:53:43.0598 4264        msahci - ok

15:53:43.0621 4264        msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

15:53:43.0633 4264        msdsm - ok

15:53:43.0653 4264        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

15:53:43.0693 4264        Msfs - ok

15:53:43.0704 4264        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

15:53:43.0715 4264        msisadrv - ok

15:53:43.0733 4264        MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

15:53:43.0767 4264        MSKSSRV - ok

15:53:43.0793 4264        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

15:53:43.0832 4264        MSPCLOCK - ok

15:53:43.0843 4264        MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

15:53:43.0889 4264        MSPQM - ok

15:53:43.0917 4264        MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

15:53:43.0934 4264        MsRPC - ok

15:53:43.0952 4264        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

15:53:43.0962 4264        mssmbios - ok

15:53:43.0972 4264        MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

15:53:44.0015 4264        MSTEE - ok

15:53:44.0032 4264        Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

15:53:44.0044 4264        Mup - ok

15:53:44.0086 4264        NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

15:53:44.0113 4264        NativeWifiP - ok

15:53:44.0155 4264        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

15:53:44.0189 4264        NDIS - ok

15:53:44.0212 4264        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

15:53:44.0237 4264        NdisTapi - ok

15:53:44.0248 4264        Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

15:53:44.0287 4264        Ndisuio - ok

15:53:44.0297 4264        NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

15:53:44.0332 4264        NdisWan - ok

15:53:44.0338 4264        NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

15:53:44.0368 4264        NDProxy - ok

15:53:44.0381 4264        NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

15:53:44.0425 4264        NetBIOS - ok

15:53:44.0472 4264        netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

15:53:44.0503 4264        netbt - ok

15:53:44.0510 4264        nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

15:53:44.0520 4264        nfrd960 - ok

15:53:44.0541 4264        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

15:53:44.0574 4264        Npfs - ok

15:53:44.0588 4264        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

15:53:44.0627 4264        nsiproxy - ok

15:53:44.0665 4264        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

15:53:44.0714 4264        Ntfs - ok

15:53:44.0744 4264        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

15:53:44.0778 4264        Null - ok

15:53:44.0982 4264        nvlddmkm        (ebdf9425b7af53e0423efe89bb11cfd2) C:\Windows\system32\DRIVERS\nvlddmkm.sys

15:53:45.0414 4264        nvlddmkm - ok

15:53:45.0437 4264        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

15:53:45.0446 4264        nvraid - ok

15:53:45.0463 4264        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

15:53:45.0471 4264        nvstor - ok

15:53:45.0492 4264        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

15:53:45.0500 4264        nv_agp - ok

15:53:45.0506 4264        NwlnkFlt - ok

15:53:45.0512 4264        NwlnkFwd - ok

15:53:45.0570 4264        ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

15:53:45.0601 4264        ohci1394 - ok

15:53:45.0602 4264        Parport         (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys

15:53:45.0634 4264        Parport - ok

15:53:45.0659 4264        partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

15:53:45.0668 4264        partmgr - ok

15:53:45.0677 4264        pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

15:53:45.0688 4264        pci - ok

15:53:45.0703 4264        pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

15:53:45.0711 4264        pciide - ok

15:53:45.0735 4264        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

15:53:45.0744 4264        pcmcia - ok

15:53:45.0766 4264        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

15:53:45.0855 4264        PEAUTH - ok

15:53:45.0869 4264        PLCNDIS5 - ok

15:53:45.0905 4264        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

15:53:45.0939 4264        PptpMiniport - ok

15:53:45.0959 4264        Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

15:53:46.0002 4264        Processor - ok

15:53:46.0028 4264        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

15:53:46.0053 4264        PSched - ok

15:53:46.0088 4264        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

15:53:46.0188 4264        ql2300 - ok

15:53:46.0226 4264        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

15:53:46.0237 4264        ql40xx - ok

15:53:46.0262 4264        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

15:53:46.0294 4264        QWAVEdrv - ok

15:53:46.0310 4264        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

15:53:46.0347 4264        RasAcd - ok

15:53:46.0393 4264        Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:53:46.0427 4264        Rasl2tp - ok

15:53:46.0452 4264        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

15:53:46.0478 4264        RasPppoe - ok

15:53:46.0502 4264        RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

15:53:46.0523 4264        RasSstp - ok

15:53:46.0545 4264        rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

15:53:46.0582 4264        rdbss - ok

15:53:46.0589 4264        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:53:46.0638 4264        RDPCDD - ok

15:53:46.0669 4264        rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

15:53:46.0695 4264        rdpdr - ok

15:53:46.0702 4264        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

15:53:46.0745 4264        RDPENCDD - ok

15:53:46.0769 4264        RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

15:53:46.0811 4264        RDPWD - ok

15:53:46.0843 4264        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

15:53:46.0878 4264        rspndr - ok

15:53:46.0913 4264        RTL8169         (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys

15:53:46.0944 4264        RTL8169 - ok

15:53:46.0980 4264        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

15:53:46.0991 4264        sbp2port - ok

15:53:47.0012 4264        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:53:47.0068 4264        secdrv - ok

15:53:47.0089 4264        Serenum         (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

15:53:47.0132 4264        Serenum - ok

15:53:47.0165 4264        Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

15:53:47.0214 4264        Serial - ok

15:53:47.0230 4264        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

15:53:47.0279 4264        sermouse - ok

15:53:47.0302 4264        sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

15:53:47.0340 4264        sffdisk - ok

15:53:47.0351 4264        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

15:53:47.0394 4264        sffp_mmc - ok

15:53:47.0404 4264        sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

15:53:47.0444 4264        sffp_sd - ok

15:53:47.0453 4264        sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

15:53:47.0515 4264        sfloppy - ok

15:53:47.0537 4264        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

15:53:47.0548 4264        SiSRaid2 - ok

15:53:47.0567 4264        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

15:53:47.0579 4264        SiSRaid4 - ok

15:53:47.0604 4264        Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

15:53:47.0635 4264        Smb - ok

15:53:47.0660 4264        spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

15:53:47.0672 4264        spldr - ok

15:53:47.0689 4264        srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

15:53:47.0752 4264        srv - ok

15:53:47.0767 4264        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

15:53:47.0802 4264        srv2 - ok

15:53:47.0824 4264        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

15:53:47.0847 4264        srvnet - ok

15:53:47.0878 4264        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys

15:53:47.0887 4264        SSPORT - ok

15:53:47.0906 4264        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

15:53:47.0916 4264        swenum - ok

15:53:47.0941 4264        Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

15:53:47.0952 4264        Symc8xx - ok

15:53:47.0968 4264        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

15:53:47.0978 4264        Sym_hi - ok

15:53:47.0987 4264        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

15:53:47.0998 4264        Sym_u3 - ok

15:53:48.0053 4264        Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys

15:53:48.0108 4264        Tcpip - ok

15:53:48.0151 4264        Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys

15:53:48.0212 4264        Tcpip6 - ok

15:53:48.0244 4264        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

15:53:48.0284 4264        tcpipreg - ok

15:53:48.0297 4264        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

15:53:48.0334 4264        TDPIPE - ok

15:53:48.0349 4264        TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

15:53:48.0391 4264        TDTCP - ok

15:53:48.0411 4264        tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

15:53:48.0442 4264        tdx - ok

15:53:48.0463 4264        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

15:53:48.0476 4264        TermDD - ok

15:53:48.0497 4264        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:53:48.0533 4264        tssecsrv - ok

15:53:48.0650 4264        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

15:53:48.0658 4264        TuneUpUtilitiesDrv - ok

15:53:48.0673 4264        tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

15:53:48.0708 4264        tunmp - ok

15:53:48.0714 4264        tunnel          (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

15:53:48.0745 4264        tunnel - ok

15:53:48.0760 4264        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

15:53:48.0771 4264        uagp35 - ok

15:53:48.0820 4264        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

15:53:48.0851 4264        udfs - ok

15:53:48.0857 4264        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

15:53:48.0868 4264        uliagpkx - ok

15:53:48.0884 4264        uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

15:53:48.0900 4264        uliahci - ok

15:53:48.0915 4264        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

15:53:48.0926 4264        UlSata - ok

15:53:48.0938 4264        ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

15:53:48.0950 4264        ulsata2 - ok

15:53:48.0966 4264        umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

15:53:49.0000 4264        umbus - ok

15:53:49.0023 4264        USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

15:53:49.0044 4264        USBAAPL64 - ok

15:53:49.0064 4264        usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

15:53:49.0099 4264        usbccgp - ok

15:53:49.0110 4264        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

15:53:49.0168 4264        usbcir - ok

15:53:49.0185 4264        usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

15:53:49.0219 4264        usbehci - ok

15:53:49.0229 4264        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

15:53:49.0268 4264        usbhub - ok

15:53:49.0288 4264        usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

15:53:49.0353 4264        usbohci - ok

15:53:49.0375 4264        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

15:53:49.0409 4264        usbprint - ok

15:53:49.0424 4264        USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:53:49.0454 4264        USBSTOR - ok

15:53:49.0465 4264        usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

15:53:49.0498 4264        usbuhci - ok

15:53:49.0520 4264        vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

15:53:49.0559 4264        vga - ok

15:53:49.0566 4264        VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

15:53:49.0603 4264        VgaSave - ok

15:53:49.0627 4264        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

15:53:49.0636 4264        viaide - ok

15:53:49.0643 4264        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

15:53:49.0657 4264        volmgr - ok

15:53:49.0688 4264        volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

15:53:49.0705 4264        volmgrx - ok

15:53:49.0725 4264        volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

15:53:49.0737 4264        volsnap - ok

15:53:49.0760 4264        vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

15:53:49.0770 4264        vsmraid - ok

15:53:49.0780 4264        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

15:53:49.0831 4264        WacomPen - ok

15:53:49.0852 4264        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

15:53:49.0904 4264        Wanarp - ok

15:53:49.0904 4264        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

15:53:49.0920 4264        Wanarpv6 - ok

15:53:49.0921 4264        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

15:53:49.0929 4264        Wd - ok

15:53:49.0943 4264        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

15:53:49.0968 4264        Wdf01000 - ok

15:53:50.0003 4264        WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

15:53:50.0037 4264        WmiAcpi - ok

15:53:50.0057 4264        ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

15:53:50.0088 4264        ws2ifsl - ok

15:53:50.0117 4264        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:53:50.0142 4264        WUDFRd - ok

15:53:50.0179 4264        xnacc           (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys

15:53:50.0266 4264        xnacc - ok

15:53:50.0294 4264        xusb21          (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys

15:53:50.0305 4264        xusb21 - ok

15:53:50.0317 4264        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

15:53:50.0375 4264        \Device\Harddisk0\DR0 - ok

15:53:50.0378 4264        Boot (0x1200)   (db57abb772317292afa6d8dd700a20f4) \Device\Harddisk0\DR0\Partition0

15:53:50.0379 4264        \Device\Harddisk0\DR0\Partition0 - ok

15:53:50.0379 4264        ============================================================

15:53:50.0379 4264        Scan finished

15:53:50.0379 4264        ============================================================

15:53:50.0391 3972        Detected object count: 0

15:53:50.0391 3972        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

ComboFix 12-02-10.01 - Guiseppe 10.02.2012  18:04:03.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4093.2461 [GMT 1:00]

ausgeführt von:: c:\users\Guiseppe\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-10 bis 2012-02-10  ))))))))))))))))))))))))))))))

.

.

2012-02-10 17:10 . 2012-02-10 17:12        --------        d-----w-        c:\users\Guiseppe\AppData\Local\temp

2012-02-10 17:10 . 2012-02-10 17:10        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-02-10 17:10 . 2012-02-10 17:10        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-08 05:46 . 2012-02-08 05:46        --------        d-----w-        C:\_OTL

2012-02-05 16:02 . 2012-02-05 16:02        --------        d-----w-        c:\users\Guiseppe\AppData\Roaming\Malwarebytes

2012-02-05 16:01 . 2012-02-05 16:01        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-05 16:01 . 2012-02-05 16:01        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-05 16:01 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-04 19:52 . 2011-12-14 11:23        34624        ----a-w-        c:\windows\system32\TURegOpt.exe

2012-02-04 19:52 . 2011-12-14 11:23        25920        ----a-w-        c:\windows\system32\authuitu.dll

2012-02-04 19:52 . 2011-12-14 11:23        21312        ----a-w-        c:\windows\SysWow64\authuitu.dll

2012-02-04 19:52 . 2012-02-04 19:52        --------        d-----w-        c:\users\Guiseppe\AppData\Roaming\TuneUp Software

2012-02-04 19:52 . 2012-02-04 19:52        --------        d-----w-        c:\program files (x86)\TuneUp Utilities 2012

2012-02-04 19:51 . 2012-02-04 19:52        --------        d-----w-        c:\programdata\TuneUp Software

2012-02-04 19:41 . 2012-02-04 19:41        --------        d-----w-        c:\programdata\boost_interprocess

2012-02-03 15:18 . 2011-12-08 12:28        311296        ----a-w-        c:\windows\SysWow64\TubeFinder.exe

2012-02-03 15:18 . 2011-09-28 08:18        9728        ----a-w-        c:\windows\SysWow64\PCCLPFR.DLL

2012-02-03 15:18 . 2011-09-28 08:18        84512        ----a-w-        c:\windows\SysWow64\PICCLP32.OCX

2012-02-03 15:18 . 2011-09-28 08:18        364544        ----a-w-        c:\windows\SysWow64\PropertyGrid.ocx

2012-02-03 15:18 . 2011-09-28 08:18        32768        ----a-w-        c:\windows\SysWow64\CMDLGFR.DLL

2012-02-03 15:18 . 2011-09-28 08:18        24576        ----a-w-        c:\windows\SysWow64\ControlSubX.ocx

2012-02-03 15:18 . 2011-09-28 08:18        152848        ----a-w-        c:\windows\SysWow64\COMDLG32.OCX

2012-02-03 15:18 . 2011-09-28 08:18        141312        ----a-w-        c:\windows\SysWow64\MSCMCFR.DLL

2012-02-03 15:18 . 2011-09-28 08:18        119568        ----a-w-        c:\windows\SysWow64\VB6FR.DLL

2012-02-03 15:18 . 2011-09-28 08:18        101888        ----a-w-        c:\windows\SysWow64\VB6STKIT.DLL

2012-02-03 15:18 . 2012-02-03 15:35        --------        d-----w-        c:\program files (x86)\Free FLV Converter

2012-02-03 15:18 . 2012-02-03 15:25        --------        d-----w-        c:\users\Guiseppe\AppData\Roaming\FreeFLVConverter

2012-01-31 05:40 . 2011-11-17 06:53        515968        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-01-31 05:40 . 2011-11-16 16:43        442368        ----a-w-        c:\windows\system32\winhttp.dll

2012-01-31 05:40 . 2011-11-16 16:42        94720        ----a-w-        c:\windows\system32\secur32.dll

2012-01-31 05:40 . 2011-11-16 16:42        347136        ----a-w-        c:\windows\system32\schannel.dll

2012-01-31 05:40 . 2011-11-16 16:41        1689600        ----a-w-        c:\windows\system32\lsasrv.dll

2012-01-31 05:40 . 2011-11-16 16:24        77312        ----a-w-        c:\windows\SysWow64\secur32.dll

2012-01-31 05:40 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\SysWow64\winhttp.dll

2012-01-31 05:40 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\SysWow64\schannel.dll

2012-01-31 05:40 . 2011-11-16 14:34        11264        ----a-w-        c:\windows\system32\lsass.exe

2012-01-23 05:23 . 2012-01-23 05:23        --------        d-----w-        c:\programdata\WindowsSearch

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-10 17:12 . 2011-06-24 07:11        24072        ----a-w-        c:\windows\gdrv.sys

2011-12-30 10:22 . 2011-06-24 15:21        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-25 16:25 . 2012-01-11 09:27        451072        ----a-w-        c:\windows\system32\winsrv.dll

2011-11-23 13:57 . 2011-12-16 18:51        2764800        ----a-w-        c:\windows\system32\win32k.sys

2011-11-18 20:55 . 2012-01-11 09:27        1585152        ----a-w-        c:\windows\system32\ntdll.dll

2011-11-18 20:55 . 2012-01-11 09:27        1167984        ----a-w-        c:\windows\SysWow64\ntdll.dll

2011-11-18 18:07 . 2012-01-11 09:27        76800        ----a-w-        c:\windows\system32\packager.dll

2011-11-18 17:47 . 2012-01-11 09:27        66560        ----a-w-        c:\windows\SysWow64\packager.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-01-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Guiseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0OODBS

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302328129-1709802029-363408948-1000Core.job

- c:\users\Guiseppe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 14:58]

.

2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2302328129-1709802029-363408948-1000UA.job

- c:\users\Guiseppe\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 14:58]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = %SystemRoot%\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\Guiseppe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Guiseppe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2302328129-1709802029-363408948-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:81,f9,a2,ac,d2,64,cf,39,08,b3,1b,cc,ee,9a,b1,7a,be,05,62,6f,19,2f,b2,

   81,b8,c9,42,76,17,03,73,4b,8e,a4,87,c2,5a,e4,f4,52,f2,1a,0a,06,62,35,aa,58,\

"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b

.

[HKEY_USERS\S-1-5-21-2302328129-1709802029-363408948-1000\Software\SecuROM\License information*]

"datasecu"=hex:36,57,73,44,09,e3,50,88,98,21,77,16,cc,d5,26,82,72,56,92,7e,51,

   c7,ec,cd,21,6b,4d,a0,76,d1,33,68,f3,97,4e,9e,bb,49,13,cb,30,c6,29,5c,cf,67,\

"rkeysecu"=hex:7a,b5,f1,e6,be,fc,1d,9b,2d,46,bd,7f,73,da,0d,ad

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="EFE4B1CD273040A431A36B4F663A816D032E5AB9DC17FADE03000409F75D47F348BD4C2AA334A654B4375FC46804650AD742265992746000E2E54B2FED3D125D29CCD50F91CAACA9B1164BCFB9A9D0BB5EE46933304842031ACF6C924909401A9B95615D6B245C2BBAA8925F2F516DA7D1027BE284508AC6ABD0CD9E6D349F610EEF09EBCC07828EC72AA0D53EB72A9FD05B377A7CDCE9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E6675D575E7D6A3B98089DB7CE019D40AA5C53771F4D55C7DDEBC02952A614426AE05E8435816C33A240C18D5BB03CEF2D0B0BFE53645AB31FC6586240E17600BA408CCAC1C5C21F83D4E114ABDD712B1BD0CCB3938E81A77265351F20C7DA2ECC9EF5BA3A8D3A270E76B65D818F6F96DB70096614CBE6730C4DE458ABC90B1569C1E614FD5BE82B404DE815FDF737CBC113E448DEA39909B2C72969EE5FC0A06CB55C7BBEB758302B4654C71AD2C08935243970501E1C00C2637712CE042F60C4480A7A85AC05E0F39109E6A1D9F3B02D551157994B6614A9F2F8747E36F609788E547B2ACBDE07D2A3C747B44E2F483A1D2E5EBEB96122EB8C8C98097732719FDE58D05DA7CB1616320B23C5F545797EB3044698806EAE2289426BCB4F6C9666D3E3ACA15825219F3D7C171F19FB12AF17BCB5D43ADF5FF388DF3AF8C7A5980DCBF72A4CF8B763E3817C2559040D859787B2B7F2037B8024EBDFB894F052B9666DCCC30B2BC3B66C851FB26687266716897839C7FC7D7F8459EE7F7B5C59E25C9B4C59D98F009ED58FAA8888776A739B67520D7D4F16F0FB3BED0959A097A06B8495310D4F13BE52AC1C55D92E6F06AFAEB76A9021658A86BF74B430D7DD2123167AF24B961DDFA7ADA029C307BEA26C2F55EB50A084A733D94946D5A2EEBA2803012B0F14ACEFAC251E7A87E2576DFE7E0C0EE2017DC6A53EECE3F3218263B14364C9267CC7FE516D2C2138A72A32ABF67036C0F6D00B15678E1C88FC46B68E921423B507E64216A093DC3EBB9D5E47B44BA7B63C70BB4B15155BE65ED8761CEE317032EEF7920F1F564CD40D8C033C18980FE48EC2C229C7997532F3CE85CF9A13CCE7735A6C668E28770B0D4455094788F941AE23302245E8A265F12F6BB22044B9F4D8E5725AD56E46472E0631BF2C01D993E3E1B5BC1906FDCD8EF7D45FC6829C4BE7E0E6BAA1C6863EEB889387721A87F87741AB941025088E8318118721403B346A8934ECE100E87CC0F69F998B1F3BE2B5778C58BD31A11C8FF314EF7F2544C73111E7EB4A9D0463AD6D19C42D129414F0B0F5CCF7C594C0F6E2F5EE7A0BC5768F9B31C2D3D6D026B7006AEA50A61528FE8B2C4758368A1AFD31F271EC8037825D43E593BA97"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

c:\program files (x86)\Windows Media Player\wmplayer.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-10  18:16:47 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-02-10 17:16

.

Vor Suchlauf: 15 Verzeichnis(se), 473.200.189.440 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 473.553.625.088 Bytes frei

.

- - End Of File - - 334FCB10AC9705C9998F86DF3D9525B3

Bitteschön :)

Im IE ist jetzt kein searchqu als Startseite mehr...