Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   FBDownloader PopUp (https://www.trojaner-board.de/127106-fbdownloader-popup.html)

ph1979 16.11.2012 19:45
FBDownloader PopUp
 
Hallo,

auf meinem Laptop kommt seit einigen Tagen nach dem Start von Windows immer wieder die Popup Meldung von FBDownloader mit dem Hinweis meine Startseite im Web-Browser zu ändern. Da ich davon ausgehe, dass FBDownloader eine schädliche Software ist, bitte ich um Auswertung meiner Logfiles und Hilfestellung.

Ich habe wie hier beschrieben die Anleitung befolgt.

Hier die jeweiligen Logfiles:
OTL (OTL.txt)
Code:
OTL logfile created on: 15.11.2012 23:03:32 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\TCB\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 52,22% Memory free
3,21 Gb Paging File | 1,95 Gb Available in Paging File | 60,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434,66 Gb Total Space | 382,53 Gb Free Space | 88,01% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
 
Computer Name: TCB-PC | User Name: TCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.15 23:02:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe
PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012.06.07 09:26:34 | 005,933,480 | ---- | M] (Systweak) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2012.04.01 16:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.03 02:29:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2011.06.03 02:29:08 | 001,813,800 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2011.05.17 23:26:40 | 001,546,856 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2011.04.14 17:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.06 12:52:54 | 001,070,080 | ---- | M] () -- C:\Program Files\watchmi\TvdTray.exe
PRC - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () -- C:\Program Files\watchmi\TvdService.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.09 20:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.11.09 20:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.11.04 19:07:20 | 002,482,176 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2010.08.03 23:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 22:42:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.15 22:41:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.15 22:41:47 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll
MOD - [2012.11.15 22:41:45 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012.11.15 22:41:43 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012.11.15 22:41:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012.11.15 22:40:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 22:40:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 22:40:28 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f2fb3f4856c403795db6db3f354f1f0b\System.Deployment.ni.dll
MOD - [2012.11.15 22:40:23 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012.11.15 22:39:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.15 22:39:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.15 22:39:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 22:39:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 22:39:23 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.06.07 09:26:40 | 001,729,960 | ---- | M] () -- C:\Program Files\Advanced System Protector\aspsys.dll
MOD - [2012.04.01 16:04:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.01 16:04:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.01 16:04:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.01 16:04:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.01 16:04:00 | 000,385,024 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\HtcDetect.dll
MOD - [2012.04.01 16:04:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.01 16:04:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.01 16:04:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.01 16:04:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012.03.01 10:56:29 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
MOD - [2011.12.25 21:42:15 | 005,255,168 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011.11.11 17:22:10 | 000,886,272 | ---- | M] () -- C:\Program Files\Advanced System Protector\System.Data.SQLite.dll
MOD - [2011.05.12 17:08:30 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2011.05.12 17:08:05 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2011.05.12 17:07:51 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.12.06 12:52:54 | 001,070,080 | ---- | M] () -- C:\Program Files\watchmi\TvdTray.exe
MOD - [2010.12.06 12:52:54 | 000,004,608 | ---- | M] () -- C:\Program Files\watchmi\de\TvdTray.resources.dll
MOD - [2010.11.20 22:29:48 | 005,988,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2010.11.20 22:29:48 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2010.11.20 22:29:48 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2010.11.20 22:29:48 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2010.11.20 22:29:42 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2010.11.20 22:29:20 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010.11.20 22:29:11 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.11.20 22:29:11 | 000,839,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
MOD - [2010.11.20 22:29:07 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010.11.20 22:29:07 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.10 23:38:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.03 23:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.03 23:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.06.10 22:14:47 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
MOD - [2009.06.10 22:14:43 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.03.03 12:22:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.09 20:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.15 00:16:10 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2011.04.13 17:30:04 | 000,161,024 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.04.13 17:30:02 | 000,067,456 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.30 13:40:04 | 000,226,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010.11.29 02:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.17 06:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.09 21:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.11.09 20:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.04 17:52:50 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010.11.04 17:52:50 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010.10.12 13:11:08 | 000,997,992 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2010.09.23 20:44:58 | 000,084,776 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2010.06.23 09:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.25 04:07:38 | 000,204,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.10.26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.fbdownloader.com/?channel=sfat203fbdgy20
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {5A96F133-285E-4F47-940E-C2D70DFD0000}
IE - HKCU\..\SearchScopes\{5A96F133-285E-4F47-940E-C2D70DFD0000}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_deAT473
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8EB622A1-D669-4A37-8ABE-986CE53B5664}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=851269f0-89d2-439f-bf32-87c95408b39f&apn_sauid=A26B8B56-5982-44E6-965C-E880347D80B7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfat203fbdgy20&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1jR8dAuF2zB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
 
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\TCB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo\2.3.16.7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {553318DA-D010-469E-84B1-496563CAE1BF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DataMgr] C:\Users\TCB\AppData\Roaming\DataMgr\datamgr.exe (HTTO Group, Ltd.)
O4 - HKCU..\Run: [Protector] C:\Users\TCB\AppData\Roaming\SDIV 2.0\Prot\prot.vbs ()
O4 - HKCU..\Run: [TU] C:\Users\TCB\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D51CC-B61D-49CC-923E-133CEAFDF57E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27667974-0BD0-4355-A9BA-FB9E444F90FE}: DhcpNameServer = 10.0.0.138 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24482b87-9b94-11e1-8c34-6c626d332603}\Shell - "" = AutoRun
O33 - MountPoints2\{24482b87-9b94-11e1-8c34-6c626d332603}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{4057a26f-21e0-11e2-8c41-e0b9a55725cd}\Shell - "" = AutoRun
O33 - MountPoints2\{4057a26f-21e0-11e2-8c41-e0b9a55725cd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{cc1f12c5-dd3f-11e1-87eb-6c626d332603}\Shell - "" = AutoRun
O33 - MountPoints2\{cc1f12c5-dd3f-11e1-87eb-6c626d332603}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.15 23:02:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe
[2012.11.15 22:26:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.12 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\TuneUp Software
[2012.11.12 19:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.12 19:56:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.12 19:56:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.30 00:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2012.10.30 00:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2012.10.30 00:02:57 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\IM
[2012.10.30 00:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2012.10.30 00:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2012.10.30 00:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2012.10.30 00:01:37 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\CRE
[2012.10.30 00:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012.10.30 00:00:43 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\Conduit
[2012.10.29 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\Leadertech
[2012.10.29 17:02:53 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\SDIV 2.0
[2012.10.29 17:02:34 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\HMN
[2012.10.29 17:02:34 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\DataMgr
[2012.10.29 17:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.15 23:02:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe
[2012.11.15 23:01:29 | 000,000,000 | ---- | M] () -- C:\Users\TCB\defogger_reenable
[2012.11.15 23:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.15 23:00:31 | 000,050,477 | ---- | M] () -- C:\Users\TCB\Desktop\Defogger.exe
[2012.11.15 22:45:47 | 000,017,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 22:45:47 | 000,017,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.15 22:42:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.15 22:37:57 | 000,281,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 22:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.15 22:37:18 | 1291,849,728 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 22:32:05 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 22:32:05 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 22:32:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 22:32:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.12 20:09:23 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.30 00:01:45 | 000,000,009 | ---- | M] () -- C:\END
[2012.10.29 17:02:23 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.15 23:01:29 | 000,000,000 | ---- | C] () -- C:\Users\TCB\defogger_reenable
[2012.11.15 23:00:31 | 000,050,477 | ---- | C] () -- C:\Users\TCB\Desktop\Defogger.exe
[2012.11.15 22:22:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 22:21:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.30 00:01:05 | 000,000,009 | ---- | C] () -- C:\END
[2012.10.29 17:02:23 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.09.08 19:00:32 | 004,503,728 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2011.05.13 19:25:58 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.05.13 19:13:20 | 000,080,488 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.13 18:47:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.13 17:49:31 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.05.13 17:49:31 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.12 17:12:52 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.05.12 17:12:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.05.12 17:12:52 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.05.12 17:12:52 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.10.29 17:02:35 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\DataMgr
[2012.10.29 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\HMN
[2012.04.24 18:44:06 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\HTC
[2012.04.24 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.10.29 17:58:47 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Leadertech
[2012.10.29 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\SDIV 2.0
[2012.09.16 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Systweak
[2012.11.12 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\TuneUp Software
[2012.04.23 12:29:10 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
OTL(Extras.txt)
Code:
OTL Extras logfile created on: 15.11.2012 23:03:32 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\TCB\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 52,22% Memory free
3,21 Gb Paging File | 1,95 Gb Available in Paging File | 60,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434,66 Gb Total Space | 382,53 Gb Free Space | 88,01% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 0,01 Gb Free Space | 0,02% Space Free | Partition Type: NTFS
 
Computer Name: TCB-PC | User Name: TCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023EBDD4-D623-4424-89BF-6C55F21BCF0B}" = lport=445 | protocol=6 | dir=in | app=system |
"{0647C6A0-FF7A-49D2-A70D-0057E79C089F}" = rport=445 | protocol=6 | dir=out | app=system |
"{0A92B3B1-4C1C-4306-89E1-DDF27E7ACFA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{117C40C3-19DD-4EAB-9FE7-694DD9416E8C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17046C67-7071-4B88-B70B-73FABF4E2496}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{194173FD-50DC-4F2A-B9F5-93B6B22D729F}" = rport=137 | protocol=17 | dir=out | app=system |
"{22242611-19C2-4816-90DA-46307C3F7DAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25897280-CB1F-4B00-879E-BC22248F0A3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{27E3D25C-74A0-4A2E-804C-B1A625629924}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{28E09ED9-8B77-403B-B464-F90A88D2106B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28EB9130-284B-40ED-9891-2B1B7242FC58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FF193D7-172E-438A-87D5-FED8185A1A6F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4DCA082B-E160-4817-9719-05A1B24E9C22}" = lport=138 | protocol=17 | dir=in | app=system |
"{58558ACE-B042-4778-AFCC-97A883895E86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D6553F3-0042-4DEE-9B4E-2FEB147446CB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{81E33064-AF29-4339-986F-6DFD3CBEB08B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{856636F7-1DF4-4D6A-B8D4-18893EA420D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{933D1898-63FE-4B06-88B7-BC711381C7F5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A7C2948C-254E-4401-AFFB-055B04C41DD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA6D8979-1698-4C87-A0CA-1F9CC3DFC253}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AACBF8CC-BB4A-45A3-9F02-BE036C404291}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B144ABAC-002E-478E-B7B6-D6DEA982227B}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2209CD8-1FA4-4421-BFF9-FAD96E05D1E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6292818-A56E-498C-BCED-BE69C13FAC3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D027B0E4-BD4E-4C6D-A018-823D7F80379B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E12774C8-5300-439F-ABAF-925A89591E78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3EA8D24-76AB-41D7-AE48-C208DD839071}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F54D4B03-199B-4038-99F1-EDBE869BFFDE}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B0EB27-057D-4214-8139-2A7CCA5E5BFC}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1372F681-33D6-4279-AA93-662B4B3FD061}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19FF63CC-1BFA-4F19-859D-AA8F99314AC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20A79CE5-ACE4-475F-89DC-A81D04AB2FA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{264EAB0E-392C-4542-A4F6-6D8457A44EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{285E1F59-78D0-44F7-BE61-16BA6B34FA61}" = protocol=6 | dir=out | app=system |
"{4E408902-922D-4754-9ABD-ADB2C7685C0E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4EAD8F29-5244-452B-9D4A-799DF2FDAE0C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{64201A62-2F27-492F-A0FB-03643197A104}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DC4D770-64B2-4FF3-8047-A0934B24AF9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E442E0A-5EE1-4227-8D23-A3467AB9ACD4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6E85E7B3-65C5-41B2-AC54-EDC16608A48E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{720A35F2-DA13-4039-B0DE-91155A2A77ED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73721FFF-BD0F-4B54-A2E7-89885DA2332E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{76B3DC81-C85A-49B1-ABB2-89BB24AF9191}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{76E715FC-859A-4FA1-8F7B-F5C05F058372}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{79F0CDE4-43AD-4E32-9496-9E2590CA75B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D9A1255-ACDF-4BC9-B3AE-EA803799A829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{894FE6C0-2956-4BC4-A71F-99AC9EFD39B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9BBEF94B-899E-4F07-9C2F-E89D7E07F56C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2BCC575-19A2-405E-94B2-7CA70BAB18FC}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{A8EB5890-7043-4620-A3C5-4D04763FCB0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B13D7B14-15FE-4C07-8259-004267930EA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7DE20D2-1047-445C-BF59-3BE39B10A137}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BDD81686-DFB0-4946-99D3-2AD4EA0F3D72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE2BD37A-C460-4649-83E0-E5C5AA2C9F53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0324A887-8199-CEB6-3259-92F728D10B04}" = CCC Help Danish
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07536181-6201-8327-2599-2A005F754439}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AA47BF-9218-C18C-D8E1-20F70B430108}" = CCC Help Thai
"{21169EC4-AAC1-063C-5DCC-4BB3B940191A}" = ccc-utility
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F206CA5-B50E-E255-BE2C-B1045EA50BD9}" = CCC Help Italian
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D9008D-5D2A-E4FB-EED9-740E7C469EC1}" = CCC Help Chinese Traditional
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4265110C-AFEA-F029-D950-EC6916DE01AD}" = ATI Catalyst Install Manager
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59682D7F-15D4-4DE1-5B09-97F6F5BBE0EF}" = ccc-core-static
"{609FEDFB-D745-FADA-BB34-562D1A9BD7E9}" = CCC Help English
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{704F6A89-8213-7778-14B2-81F0EC168B53}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8834E598-0C12-255D-3C8B-04CECCCC0B52}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEF08A8-BEFA-B590-62CD-F6BABFC04920}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB23C1D-5EA1-679C-593E-D8471537EC6E}" = Catalyst Control Center Profiles Mobile
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{972D40CF-95CF-17AF-8261-A3E82EF0AE9E}" = Catalyst Control Center Localization All
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FE31B9F-D10D-9DAE-995B-D55E07AC1CA8}" = CCC Help Russian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACA9C87E-C678-5013-7B43-6EAE550C0C38}" = CCC Help Czech
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE3C3BA0-82F9-A894-1819-5BD78F6A22A2}" = Catalyst Control Center InstallProxy
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BE388125-412B-84A7-D9A1-B3508BF025E7}" = WMV9/VC-1 Video Playback
"{C2956217-9859-CF6A-9029-CB5BA7287D5B}" = CCC Help Korean
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2CA0239-7CA4-E535-FAB4-90F90907B623}" = CCC Help Swedish
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3C3A37F-11A7-9F26-7F2A-49359EE4B359}" = CCC Help Greek
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C77FB997-AE80-D6B7-F6EF-932A01D460D7}" = CCC Help Chinese Standard
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0774FA-1114-0650-0DD5-FAEBDFCBC513}" = CCC Help German
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DC78B037-59D9-2101-2276-9BA1BD06C634}" = CCC Help Spanish
"{DCAECA45-E848-3EBB-6E76-9CAAE3BC591C}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF9958AE-4EBE-809B-D3D3-5CAFF3F47A3C}" = CCC Help Norwegian
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F87B5CC4-C415-1918-3507-352F9B983335}" = CCC Help French
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCE5D557-C5EB-F671-84CE-8F62EBDAAD1F}" = CCC Help Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Elantech" = ETDWare PS/2-X86 8.0.5.4_WHQL
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa 3" = Picasa 3
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2012 06:21:06 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1768    Startzeit: 01cdbc082eaa944f    Endzeit: 63    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 06:22:40 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: c94    Startzeit: 01cdbc086eaff1a4    Endzeit: 120    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 06:23:31 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 7a4    Startzeit: 01cdbc08a6718e86    Endzeit: 42    Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 14:49:27 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 154c    Startzeit: 01cdbc4f07b35a18    Endzeit: 78    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 14:51:37 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e28    Startzeit: 01cdbc4f98e44afa    Endzeit: 46    Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 14:58:43 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 8e0    Startzeit: 01cdbc505a1e4621    Endzeit: 68    Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 14:51:58 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1078    Startzeit: 01cdc106ad0680dc    Endzeit: 85    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 15:20:08 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 151c    Startzeit: 01cdc10a9a7d9ed4    Endzeit: 70    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 16:06:58 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 17ec    Startzeit: 01cdc1110745079d    Endzeit: 47    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 16:47:31 | Computer Name = TCB-PC | Source = Windows Backup | ID = 4104
Description =
 
[ System Events ]
Error - 15.11.2012 17:55:01 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:55:01 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:00 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:01 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:01 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:01 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:28 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:29 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:30 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 15.11.2012 17:56:30 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
 
< End of report >
GMER.txt
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-16 19:33:42
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000062 ST950032 rev.0003
Running: t252igie.exe; Driver: C:\Users\TCB\AppData\Local\Temp\pftdipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D  8308EA49 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2    830C84D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys  section is writeable [0x8E414000, 0x353030, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device          \Driver\kbdclass \Device\KeyboardClass0  ETD.sys (ETD Kernel Center/ELAN Microelectronics Corp.)
Device          \Driver\kbdclass \Device\KeyboardClass1  ETD.sys (ETD Kernel Center/ELAN Microelectronics Corp.)
Device          \Driver\ACPI_HAL \Device\00000046        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4    rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Vielen Dank für eure Hilfe.

Gruß,
Peter

M-K-D-B 18.11.2012 10:48
:hallo:


Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
  • Folge folgendem Pfad: Start -> Systemsteuerung -> Software / Programme deinstallieren
  • Suche in der Liste Software mit dem folgenden Namen
    • Avira SearchFree Toolbar plus Web Protection Updater
    und deinstalliere das Programm.
  • Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.
  • Sollte es Probleme mit der Deinstallation geben, so lass es mich bitte wissen.





Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von Adwcleaner,
  • die Logdatei von ComboFix.

ph1979 18.11.2012 14:04
Hallo Matthias,

vielen Dank für deine Hilfe.

Habe bei der Ausführung von Schritt 1 (Deinstallation von Avira SearchFree Toolbar) folgendes Problem:
Ich bekomme die Fehlermeldung: "Sie verfügen nicht über die ausreichende Berechtigungen, um Avira SearchFree Toolbar plus Web Protection Updater zu deinstallieren. Wenden Sie sich an den Systemadministrator."

Soll ich mit Schritt 2 und 3 laut deiner Anleitung trotzdem weitermachen oder nicht?

Gruß,
Peter

M-K-D-B 18.11.2012 14:41
Servus,


fahre bitte mit Schritt 2 und 3 fort. :)

ph1979 18.11.2012 16:12
Hallo Matthias,

anbei die Logdateien:

Code:
# AdwCleaner v2.008 - Datei am 18/11/2012 um 15:25:39 erstellt
# Aktualisiert am 17/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : TCB - TCB-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TCB\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\TCB\AppData\Local\APN
Ordner Gelöscht : C:\Users\TCB\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\TCB\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo
Ordner Gelöscht : C:\Users\TCB\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\TCB\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\TCB\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ajeaeekpfakbiidigngcnelnclhnaibo
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\TCB\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.1] : icon_url ={"hxxp_throttling":{"enabled":true},"countryid_at_install":16724,"download":{"directory_upgrade":tru[...]

*************************

AdwCleaner[S1].txt - [2725 octets] - [18/11/2012 15:25:39]

########## EOF - C:\AdwCleaner[S1].txt - [2785 octets] ##########

Combofix Logfile:
Code:
ComboFix 12-11-16.02 - TCB 18.11.2012  15:54:10.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.1643.966 [GMT 1:00]
ausgeführt von:: c:\users\TCB\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-18 bis 2012-11-18  ))))))))))))))))))))))))))))))
.
.
2012-11-18 15:03 . 2012-11-18 15:03        --------        d-----w-        c:\users\TCB\AppData\Local\temp
2012-11-18 15:03 . 2012-11-18 15:03        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-18 13:03 . 2012-10-12 05:56        6918632        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E0E773F-FB54-4F01-9F20-1CF556C473D8}\mpengine.dll
2012-11-16 18:48 . 2012-10-12 05:56        6918632        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-15 21:22 . 2012-07-26 03:39        526952        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 21:22 . 2012-07-26 03:39        47720        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 21:22 . 2012-07-26 02:46        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-11-15 21:20 . 2012-10-08 07:44        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-15 19:28 . 2012-10-03 16:58        1293680        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-11-15 19:28 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\system32\ncsi.dll
2012-11-15 19:28 . 2012-10-03 16:40        499712        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-11-15 19:28 . 2012-10-03 16:42        242176        ----a-w-        c:\windows\system32\nlasvc.dll
2012-11-15 19:28 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\system32\netcorehc.dll
2012-11-15 19:28 . 2012-10-03 15:21        35328        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 19:28 . 2012-10-03 16:42        52224        ----a-w-        c:\windows\system32\nlaapi.dll
2012-11-15 19:28 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-11-15 19:28 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\system32\synceng.dll
2012-11-15 19:28 . 2012-10-18 17:59        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-11-15 19:28 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-11-15 19:28 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-11-12 18:58 . 2012-11-12 18:58        --------        d-----w-        c:\users\TCB\AppData\Roaming\TuneUp Software
2012-11-12 18:57 . 2012-11-12 18:58        --------        d-----w-        c:\programdata\TuneUp Software
2012-11-12 18:56 . 2012-11-12 19:07        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-12 18:56 . 2012-11-12 18:56        --------        d--h--w-        c:\programdata\Common Files
2012-10-29 23:03 . 2012-10-29 23:03        --------        d-----w-        c:\program files\Photo Notifier and Animation Creator
2012-10-29 23:03 . 2012-10-29 23:03        --------        d-----w-        c:\programdata\Photo Notifier and Animation Creator
2012-10-29 23:02 . 2012-11-01 06:39        --------        d-----w-        c:\users\TCB\AppData\Local\IM
2012-10-29 23:02 . 2012-10-29 23:04        --------        d-----w-        c:\programdata\IM
2012-10-29 23:02 . 2012-10-29 23:02        --------        d-----w-        c:\programdata\IncrediMail
2012-10-29 23:01 . 2012-10-29 23:01        --------        d-----w-        c:\users\TCB\AppData\Local\CRE
2012-10-29 16:58 . 2012-10-29 16:58        --------        d-----w-        c:\users\TCB\AppData\Roaming\Leadertech
2012-10-29 16:02 . 2012-10-29 16:02        --------        d-----w-        c:\users\TCB\AppData\Roaming\SDIV 2.0
2012-10-29 16:02 . 2012-10-29 16:02        --------        d-----w-        c:\users\TCB\AppData\Roaming\DataMgr
2012-10-29 16:02 . 2012-10-29 16:02        --------        d-----w-        c:\users\TCB\AppData\Roaming\HMN
2012-10-24 10:50 . 2012-10-24 10:50        163056        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-20 17:28 . 2012-09-27 20:02        740784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D3076D2-FAE0-42EB-A0E9-D94324D564A2}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 20:02 . 2012-07-04 17:24        740784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 18:28 . 2012-10-10 12:01        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 12:00        1211760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03        193552        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 18:44        99272        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:12 . 2012-10-10 12:00        3914096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:00        3968880        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 12:01        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-08-22 17:16 . 2012-09-16 15:23        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-16 15:23        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-16 15:23        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 16:03        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40 . 2012-10-10 12:01        169984        ----a-w-        c:\windows\system32\winsrv.dll
2012-08-20 17:40 . 2012-10-10 12:01        293376        ----a-w-        c:\windows\system32\KernelBase.dll
2012-08-20 17:37 . 2012-10-10 12:00        271360        ----a-w-        c:\windows\system32\conhost.exe
2012-08-20 17:32 . 2012-10-10 12:00        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:00        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:00        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:00        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 12:00        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-01 39408]
"DataMgr"="c:\users\TCB\AppData\Roaming\DataMgr\datamgr.exe" [2012-10-14 168264]
"Protector"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-11-04 2482176]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-17 10082920]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2011-05-17 1546856]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-06-03 1813800]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-3-1 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Advanced System Protector"=
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 watchmi;watchmi service;c:\program files\watchmi\TvdService.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 09:55]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 09:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{990af1c2-5a27-4460-8149-ecc6bc122af3} - (no file)
BHO-{553318DA-D010-469E-84B1-496563CAE1BF} - (no file)
WebBrowser-{990AF1C2-5A27-4460-8149-ECC6BC122AF3} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-18  16:06:55
ComboFix-quarantined-files.txt  2012-11-18 15:06
.
Vor Suchlauf: 4 Verzeichnis(se), 411.226.161.152 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 411.624.759.296 Bytes frei
.
- - End Of File - - 81DC6A2CD1DB1C89D648A5BA0F41444C
--- --- ---


Gruß,
Peter

M-K-D-B 19.11.2012 09:23
Servus Peter,



wir müssen nochmal ran mit ComboFix:



Schritt 1
Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    Folder::
    c:\users\TCB\AppData\Roaming\DataMgr
    c:\users\TCB\AppData\Roaming\HMN
    c:\users\TCB\AppData\Roaming\SDIV 2.0

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DataMgr"=-
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!







Schritt 2
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.
Code:
activex
netsvcs
msconfig
C:\Users\TCB\AppData\Roaming\*.
CREATERESTOREPOINT
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ComboFix,
  • die beiden Logdateien von OTL.

ph1979 19.11.2012 18:10
Hallo Matthias,

anbei die Logdateien:

Combofix Logfile:
Code:
ComboFix 12-11-16.02 - TCB 19.11.2012  13:54:18.2.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.1643.901 [GMT 1:00]
ausgeführt von:: c:\users\TCB\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\TCB\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TCB\AppData\Roaming\DataMgr
c:\users\TCB\AppData\Roaming\DataMgr\datamgr.exe
c:\users\TCB\AppData\Roaming\DataMgr\version.txt
c:\users\TCB\AppData\Roaming\HMN
c:\users\TCB\AppData\Roaming\SDIV 2.0
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\alien.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\alien\core.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\alien\struct.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\base.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\debug_ext.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\debug_init.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\getopt.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\io_ext.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode\array.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode\calls.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode\number.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode\object.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode\others.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode\strings.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\decode\util.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\array.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\calls.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\number.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\object.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\others.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\output.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\output_utility.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\encode\strings.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\json\util.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\lfs.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\list.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\lpeg.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\lua5.1.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\lua51.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\luacom.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\luasql\sqlite3.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\main.bin
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\math_ext.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\Microsoft.VC80.CRT\msvcm80.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\Microsoft.VC80.CRT\msvcp80.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\Microsoft.VC80.CRT\msvcr80.dll
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\modules.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\package_ext.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\prot.vbs
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\set.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\std.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\strbuf.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\string_ext.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\table_ext.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\tree.lua
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\tu\tu.exe
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\tu\version.txt
c:\users\TCB\AppData\Roaming\SDIV 2.0\Prot\wlua.exe
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-10-19 bis 2012-11-19  ))))))))))))))))))))))))))))))
.
.
2012-11-19 13:13 . 2012-11-19 13:14        --------        d-----w-        c:\users\TCB\AppData\Local\temp
2012-11-19 13:13 . 2012-11-19 13:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-11-18 13:03 . 2012-10-12 05:56        6918632        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E0E773F-FB54-4F01-9F20-1CF556C473D8}\mpengine.dll
2012-11-16 18:48 . 2012-10-12 05:56        6918632        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-15 21:22 . 2012-07-26 03:39        526952        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 21:22 . 2012-07-26 03:39        47720        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 21:22 . 2012-07-26 02:46        9728        ----a-w-        c:\windows\system32\Wdfres.dll
2012-11-15 21:20 . 2012-10-08 07:44        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-11-15 19:28 . 2012-10-03 16:58        1293680        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-11-15 19:28 . 2012-10-03 16:42        156672        ----a-w-        c:\windows\system32\ncsi.dll
2012-11-15 19:28 . 2012-10-03 16:40        499712        ----a-w-        c:\windows\system32\iphlpsvc.dll
2012-11-15 19:28 . 2012-10-03 16:42        242176        ----a-w-        c:\windows\system32\nlasvc.dll
2012-11-15 19:28 . 2012-10-03 16:42        175104        ----a-w-        c:\windows\system32\netcorehc.dll
2012-11-15 19:28 . 2012-10-03 15:21        35328        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 19:28 . 2012-10-03 16:42        52224        ----a-w-        c:\windows\system32\nlaapi.dll
2012-11-15 19:28 . 2012-10-03 16:42        18944        ----a-w-        c:\windows\system32\netevent.dll
2012-11-15 19:28 . 2012-09-25 22:47        78336        ----a-w-        c:\windows\system32\synceng.dll
2012-11-15 19:28 . 2012-10-18 17:59        2345984        ----a-w-        c:\windows\system32\win32k.sys
2012-11-15 19:28 . 2012-10-09 17:40        193536        ----a-w-        c:\windows\system32\dhcpcore6.dll
2012-11-15 19:28 . 2012-10-09 17:40        44032        ----a-w-        c:\windows\system32\dhcpcsvc6.dll
2012-11-12 18:58 . 2012-11-12 18:58        --------        d-----w-        c:\users\TCB\AppData\Roaming\TuneUp Software
2012-11-12 18:57 . 2012-11-12 18:58        --------        d-----w-        c:\programdata\TuneUp Software
2012-11-12 18:56 . 2012-11-12 19:07        --------        d-sh--w-        c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-12 18:56 . 2012-11-12 18:56        --------        d--h--w-        c:\programdata\Common Files
2012-10-29 23:03 . 2012-10-29 23:03        --------        d-----w-        c:\program files\Photo Notifier and Animation Creator
2012-10-29 23:03 . 2012-10-29 23:03        --------        d-----w-        c:\programdata\Photo Notifier and Animation Creator
2012-10-29 23:02 . 2012-11-01 06:39        --------        d-----w-        c:\users\TCB\AppData\Local\IM
2012-10-29 23:02 . 2012-10-29 23:04        --------        d-----w-        c:\programdata\IM
2012-10-29 23:02 . 2012-10-29 23:02        --------        d-----w-        c:\programdata\IncrediMail
2012-10-29 23:01 . 2012-10-29 23:01        --------        d-----w-        c:\users\TCB\AppData\Local\CRE
2012-10-29 16:58 . 2012-10-29 16:58        --------        d-----w-        c:\users\TCB\AppData\Roaming\Leadertech
2012-10-24 10:50 . 2012-10-24 10:50        163056        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-20 17:28 . 2012-09-27 20:02        740784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D3076D2-FAE0-42EB-A0E9-D94324D564A2}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-27 20:02 . 2012-07-04 17:24        740784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 18:28 . 2012-10-10 12:01        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-10 12:00        1211760        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03        193552        ----a-w-        c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 18:44        99272        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:12 . 2012-10-10 12:00        3914096        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 12:00        3968880        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-08-24 16:57 . 2012-10-10 12:01        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-08-22 17:16 . 2012-09-16 15:23        712048        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-16 15:23        240496        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-16 15:23        187760        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 16:03        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-01 39408]
"Protector"="wscript.exe" [2009-07-14 141824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-10 336384]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2010-11-04 2482176]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-05-17 10082920]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2011-05-17 1546856]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2011-06-03 1813800]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Advanced System Protector"=
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 watchmi;watchmi service;c:\program files\watchmi\TvdService.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 09:55]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-01 09:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-19  14:22:49
ComboFix-quarantined-files.txt  2012-11-19 13:22
ComboFix2.txt  2012-11-18 15:06
.
Vor Suchlauf: 7 Verzeichnis(se), 411.488.079.872 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 411.591.331.840 Bytes frei
.
- - End Of File - - 87AA38CD66720B24EC29E15F864024C5
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 19.11.2012 14:36:41 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\TCB\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 50,28% Memory free
3,21 Gb Paging File | 2,27 Gb Available in Paging File | 70,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434,66 Gb Total Space | 383,00 Gb Free Space | 88,11% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 8,26 Gb Free Space | 27,53% Space Free | Partition Type: NTFS
 
Computer Name: TCB-PC | User Name: TCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.19 14:34:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.05.17 23:26:40 | 001,546,856 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2011.04.14 17:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.06 12:52:54 | 001,070,080 | ---- | M] () -- C:\Program Files\watchmi\TvdTray.exe
PRC - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () -- C:\Program Files\watchmi\TvdService.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.09 20:56:08 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.11.09 20:55:38 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.08.03 23:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.15 23:12:51 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll
MOD - [2012.11.15 22:52:31 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012.11.15 22:49:39 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\40267c1bec60c4b94be794a65a4a8a49\System.IdentityModel.ni.dll
MOD - [2012.11.15 22:49:36 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\fecb0ca59057e9d190318551d40feb22\System.Runtime.Serialization.ni.dll
MOD - [2012.11.15 22:49:29 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\3d3f043f645c0afeee0f7ed04c5e26e7\SMDiagnostics.ni.dll
MOD - [2012.11.15 22:49:27 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8cdf7f9bde2b780692428f439f0f5a08\System.ServiceModel.ni.dll
MOD - [2012.11.15 22:43:02 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012.11.15 22:42:58 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012.11.15 22:42:14 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.15 22:41:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.15 22:41:21 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012.11.15 22:40:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.15 22:40:31 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.15 22:40:23 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012.11.15 22:39:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.15 22:39:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.15 22:39:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.15 22:39:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 22:39:23 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.03.01 10:56:29 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.5.0.5__f722db7bec59a14b\Tvd.Remote.dll
MOD - [2011.05.12 17:08:30 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2011.05.12 17:07:51 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.12.06 12:52:54 | 001,070,080 | ---- | M] () -- C:\Program Files\watchmi\TvdTray.exe
MOD - [2010.12.06 12:52:54 | 000,004,608 | ---- | M] () -- C:\Program Files\watchmi\de\TvdTray.resources.dll
MOD - [2010.11.13 00:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.10 23:38:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010.08.03 23:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.03 23:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.03.03 12:22:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.11.09 20:55:38 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\TCB\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.15 00:16:10 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2011.04.13 17:30:04 | 000,161,024 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.04.13 17:30:02 | 000,067,456 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.30 13:40:04 | 000,226,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010.11.29 02:50:40 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.17 06:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.11.09 21:33:04 | 006,574,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.11.09 20:18:34 | 000,229,888 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.04 17:52:50 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2010.11.04 17:52:50 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2010.10.12 13:11:08 | 000,997,992 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2010.09.23 20:44:58 | 000,084,776 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2010.06.23 09:24:58 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.25 04:07:38 | 000,204,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.10.26 22:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\..\SearchScopes,DefaultScope = {5A96F133-285E-4F47-940E-C2D70DFD0000}
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\..\SearchScopes\{5A96F133-285E-4F47-940E-C2D70DFD0000}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDND_deAT473
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\..\SearchScopes\{8EB622A1-D669-4A37-8ABE-986CE53B5664}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=851269f0-89d2-439f-bf32-87c95408b39f&apn_sauid=A26B8B56-5982-44E6-965C-E880347D80B7
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
 
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.11.19 14:14:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-224634615-3964398671-1778787708-1000..\Run: [Protector] wscript.exe "C:\Users\TCB\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{124D51CC-B61D-49CC-923E-133CEAFDF57E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27667974-0BD0-4355-A9BA-FB9E444F90FE}: DhcpNameServer = 10.0.0.138 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.19 14:34:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe
[2012.11.19 14:22:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.19 14:22:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.19 14:22:53 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\temp
[2012.11.19 13:47:06 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\TCB\Desktop\ComboFix.exe
[2012.11.18 15:51:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.18 15:51:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.18 15:51:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.18 15:51:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.18 15:51:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.15 22:26:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.15 22:22:38 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.15 22:22:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.15 22:21:57 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.15 22:21:54 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.15 22:21:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.15 22:21:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.15 22:21:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.15 22:21:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.15 22:20:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.15 22:20:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.15 22:20:56 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.15 22:20:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.15 22:20:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.15 20:28:35 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.15 20:28:34 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.15 20:28:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.15 20:28:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 20:28:20 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 20:28:17 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.15 20:28:16 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.12 19:58:43 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\TuneUp Software
[2012.11.12 19:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.12 19:56:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.11.12 19:56:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.30 00:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2012.10.30 00:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2012.10.30 00:02:57 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\IM
[2012.10.30 00:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2012.10.30 00:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2012.10.30 00:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2012.10.30 00:01:37 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Local\CRE
[2012.10.29 17:58:47 | 000,000,000 | ---D | C] -- C:\Users\TCB\AppData\Roaming\Leadertech
[2012.10.29 17:02:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012.10.29 17:00:12 | 015,271,824 | ---- | C] (Google Inc.) -- C:\Users\TCB\Desktop\picasa_3-9-136-09-setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.19 14:34:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TCB\Desktop\OTL.exe
[2012.11.19 14:14:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.19 14:01:22 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.19 13:50:05 | 000,017,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 13:50:05 | 000,017,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.19 13:47:17 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\TCB\Desktop\ComboFix.exe
[2012.11.19 13:43:07 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.19 13:42:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.19 13:42:38 | 1291,849,728 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.18 15:25:03 | 000,543,531 | ---- | M] () -- C:\Users\TCB\Desktop\adwcleaner.exe
[2012.11.15 23:35:27 | 000,302,592 | ---- | M] () -- C:\Users\TCB\Desktop\t252igie.exe
[2012.11.15 23:01:29 | 000,000,000 | ---- | M] () -- C:\Users\TCB\defogger_reenable
[2012.11.15 23:00:31 | 000,050,477 | ---- | M] () -- C:\Users\TCB\Desktop\Defogger.exe
[2012.11.15 22:37:57 | 000,281,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 22:32:05 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.15 22:32:05 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.15 22:32:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.15 22:32:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.12 20:09:23 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.30 00:01:45 | 000,000,009 | ---- | M] () -- C:\END
[2012.10.29 17:02:23 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.10.29 17:01:01 | 015,271,824 | ---- | M] (Google Inc.) -- C:\Users\TCB\Desktop\picasa_3-9-136-09-setup.exe
 
========== Files Created - No Company Name ==========
 
[2012.11.18 15:51:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.18 15:51:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.18 15:51:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.18 15:51:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.18 15:51:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.18 15:25:01 | 000,543,531 | ---- | C] () -- C:\Users\TCB\Desktop\adwcleaner.exe
[2012.11.15 23:35:27 | 000,302,592 | ---- | C] () -- C:\Users\TCB\Desktop\t252igie.exe
[2012.11.15 23:01:29 | 000,000,000 | ---- | C] () -- C:\Users\TCB\defogger_reenable
[2012.11.15 23:00:31 | 000,050,477 | ---- | C] () -- C:\Users\TCB\Desktop\Defogger.exe
[2012.11.15 22:22:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.15 22:21:53 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.30 00:01:05 | 000,000,009 | ---- | C] () -- C:\END
[2012.10.29 17:02:23 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011.05.13 19:25:58 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.05.13 19:13:20 | 000,080,488 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.05.13 18:47:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.13 17:49:31 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.05.13 17:49:31 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.12 17:12:52 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.05.12 17:12:52 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.05.12 17:12:52 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.05.12 17:12:52 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< C:\Users\TCB\AppData\Roaming\*. >
[2012.04.24 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Adobe
[2012.06.28 22:56:24 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Apple Computer
[2012.03.01 11:01:41 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\ATI
[2012.03.08 07:55:21 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\CyberLink
[2012.03.01 11:09:57 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Google
[2012.04.24 18:44:06 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\HTC
[2012.04.24 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.03.01 11:01:19 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Identities
[2012.10.29 17:58:47 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Leadertech
[2011.05.13 18:31:27 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Macromedia
[2012.09.16 15:04:03 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Malwarebytes
[2010.11.21 01:46:49 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Media Center Programs
[2012.11.16 20:08:47 | 000,000,000 | --SD | M] -- C:\Users\TCB\AppData\Roaming\Microsoft
[2012.09.16 16:11:05 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Systweak
[2012.11.12 19:58:43 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\TuneUp Software
[2012.04.23 12:29:10 | 000,000,000 | ---D | M] -- C:\Users\TCB\AppData\Roaming\Windows Live Writer
 
<          >

< End of report >
--- --- ---

[/code]

OTL Logfile:
Code:
OTL Extras logfile created on: 19.11.2012 14:36:41 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\TCB\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,60 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 50,28% Memory free
3,21 Gb Paging File | 2,27 Gb Available in Paging File | 70,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434,66 Gb Total Space | 383,00 Gb Free Space | 88,11% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 8,26 Gb Free Space | 27,53% Space Free | Partition Type: NTFS
 
Computer Name: TCB-PC | User Name: TCB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023EBDD4-D623-4424-89BF-6C55F21BCF0B}" = lport=445 | protocol=6 | dir=in | app=system |
"{0647C6A0-FF7A-49D2-A70D-0057E79C089F}" = rport=445 | protocol=6 | dir=out | app=system |
"{0A92B3B1-4C1C-4306-89E1-DDF27E7ACFA2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{117C40C3-19DD-4EAB-9FE7-694DD9416E8C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17046C67-7071-4B88-B70B-73FABF4E2496}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{194173FD-50DC-4F2A-B9F5-93B6B22D729F}" = rport=137 | protocol=17 | dir=out | app=system |
"{22242611-19C2-4816-90DA-46307C3F7DAF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25897280-CB1F-4B00-879E-BC22248F0A3B}" = rport=138 | protocol=17 | dir=out | app=system |
"{27E3D25C-74A0-4A2E-804C-B1A625629924}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{28E09ED9-8B77-403B-B464-F90A88D2106B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28EB9130-284B-40ED-9891-2B1B7242FC58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2FF193D7-172E-438A-87D5-FED8185A1A6F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4DCA082B-E160-4817-9719-05A1B24E9C22}" = lport=138 | protocol=17 | dir=in | app=system |
"{58558ACE-B042-4778-AFCC-97A883895E86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D6553F3-0042-4DEE-9B4E-2FEB147446CB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{81E33064-AF29-4339-986F-6DFD3CBEB08B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{856636F7-1DF4-4D6A-B8D4-18893EA420D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{933D1898-63FE-4B06-88B7-BC711381C7F5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A7C2948C-254E-4401-AFFB-055B04C41DD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA6D8979-1698-4C87-A0CA-1F9CC3DFC253}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AACBF8CC-BB4A-45A3-9F02-BE036C404291}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B144ABAC-002E-478E-B7B6-D6DEA982227B}" = rport=139 | protocol=6 | dir=out | app=system |
"{B2209CD8-1FA4-4421-BFF9-FAD96E05D1E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6292818-A56E-498C-BCED-BE69C13FAC3E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D027B0E4-BD4E-4C6D-A018-823D7F80379B}" = lport=139 | protocol=6 | dir=in | app=system |
"{E12774C8-5300-439F-ABAF-925A89591E78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3EA8D24-76AB-41D7-AE48-C208DD839071}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F54D4B03-199B-4038-99F1-EDBE869BFFDE}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08B0EB27-057D-4214-8139-2A7CCA5E5BFC}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1372F681-33D6-4279-AA93-662B4B3FD061}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19FF63CC-1BFA-4F19-859D-AA8F99314AC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20A79CE5-ACE4-475F-89DC-A81D04AB2FA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{264EAB0E-392C-4542-A4F6-6D8457A44EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{285E1F59-78D0-44F7-BE61-16BA6B34FA61}" = protocol=6 | dir=out | app=system |
"{4E408902-922D-4754-9ABD-ADB2C7685C0E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4EAD8F29-5244-452B-9D4A-799DF2FDAE0C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{64201A62-2F27-492F-A0FB-03643197A104}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6DC4D770-64B2-4FF3-8047-A0934B24AF9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E442E0A-5EE1-4227-8D23-A3467AB9ACD4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6E85E7B3-65C5-41B2-AC54-EDC16608A48E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{720A35F2-DA13-4039-B0DE-91155A2A77ED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73721FFF-BD0F-4B54-A2E7-89885DA2332E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{76B3DC81-C85A-49B1-ABB2-89BB24AF9191}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{76E715FC-859A-4FA1-8F7B-F5C05F058372}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{79F0CDE4-43AD-4E32-9496-9E2590CA75B3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D9A1255-ACDF-4BC9-B3AE-EA803799A829}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{894FE6C0-2956-4BC4-A71F-99AC9EFD39B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9BBEF94B-899E-4F07-9C2F-E89D7E07F56C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2BCC575-19A2-405E-94B2-7CA70BAB18FC}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{A8EB5890-7043-4620-A3C5-4D04763FCB0E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B13D7B14-15FE-4C07-8259-004267930EA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7DE20D2-1047-445C-BF59-3BE39B10A137}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BDD81686-DFB0-4946-99D3-2AD4EA0F3D72}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE2BD37A-C460-4649-83E0-E5C5AA2C9F53}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0324A887-8199-CEB6-3259-92F728D10B04}" = CCC Help Danish
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07536181-6201-8327-2599-2A005F754439}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AA47BF-9218-C18C-D8E1-20F70B430108}" = CCC Help Thai
"{21169EC4-AAC1-063C-5DCC-4BB3B940191A}" = ccc-utility
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F206CA5-B50E-E255-BE2C-B1045EA50BD9}" = CCC Help Italian
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D9008D-5D2A-E4FB-EED9-740E7C469EC1}" = CCC Help Chinese Traditional
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4265110C-AFEA-F029-D950-EC6916DE01AD}" = ATI Catalyst Install Manager
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A423411-E28A-4A13-BDB0-8E8BC42FFA29}" = HTC Sync
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59682D7F-15D4-4DE1-5B09-97F6F5BBE0EF}" = ccc-core-static
"{609FEDFB-D745-FADA-BB34-562D1A9BD7E9}" = CCC Help English
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{704F6A89-8213-7778-14B2-81F0EC168B53}" = CCC Help Finnish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{845E0BCB-8C8D-4FAB-8588-AD5FFD156C95}" = Windows Live Remote Service Resources
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8834E598-0C12-255D-3C8B-04CECCCC0B52}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEF08A8-BEFA-B590-62CD-F6BABFC04920}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DB23C1D-5EA1-679C-593E-D8471537EC6E}" = Catalyst Control Center Profiles Mobile
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{972D40CF-95CF-17AF-8261-A3E82EF0AE9E}" = Catalyst Control Center Localization All
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FE31B9F-D10D-9DAE-995B-D55E07AC1CA8}" = CCC Help Russian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{ACA9C87E-C678-5013-7B43-6EAE550C0C38}" = CCC Help Czech
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE3C3BA0-82F9-A894-1819-5BD78F6A22A2}" = Catalyst Control Center InstallProxy
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BE388125-412B-84A7-D9A1-B3508BF025E7}" = WMV9/VC-1 Video Playback
"{C2956217-9859-CF6A-9029-CB5BA7287D5B}" = CCC Help Korean
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2CA0239-7CA4-E535-FAB4-90F90907B623}" = CCC Help Swedish
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C3C3A37F-11A7-9F26-7F2A-49359EE4B359}" = CCC Help Greek
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C77FB997-AE80-D6B7-F6EF-932A01D460D7}" = CCC Help Chinese Standard
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0774FA-1114-0650-0DD5-FAEBDFCBC513}" = CCC Help German
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DC78B037-59D9-2101-2276-9BA1BD06C634}" = CCC Help Spanish
"{DCAECA45-E848-3EBB-6E76-9CAAE3BC591C}" = CCC Help Hungarian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF9958AE-4EBE-809B-D3D3-5CAFF3F47A3C}" = CCC Help Norwegian
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CCBE54-9132-44E9-82DF-CD364AD5C22D}" = Windows Live Remote Client Resources
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F87B5CC4-C415-1918-3507-352F9B983335}" = CCC Help French
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCE5D557-C5EB-F671-84CE-8F62EBDAAD1F}" = CCC Help Japanese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Elantech" = ETDWare PS/2-X86 8.0.5.4_WHQL
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Picasa 3" = Picasa 3
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.11.2012 06:23:31 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 7a4    Startzeit: 01cdbc08a6718e86    Endzeit: 42    Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 14:49:27 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 154c    Startzeit: 01cdbc4f07b35a18    Endzeit: 78    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 14:51:37 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: e28    Startzeit: 01cdbc4f98e44afa    Endzeit: 46    Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 06.11.2012 14:58:43 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 8e0    Startzeit: 01cdbc505a1e4621    Endzeit: 68    Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 14:51:58 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1078    Startzeit: 01cdc106ad0680dc    Endzeit: 85    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 15:20:08 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 151c    Startzeit: 01cdc10a9a7d9ed4    Endzeit: 70    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 16:06:58 | Computer Name = TCB-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 17ec    Startzeit: 01cdc1110745079d    Endzeit: 47    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 12.11.2012 16:47:31 | Computer Name = TCB-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 15.11.2012 19:21:00 | Computer Name = TCB-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.11.2012 09:23:14 | Computer Name = TCB-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 19.11.2012 08:43:33 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 19.11.2012 08:43:33 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 19.11.2012 08:43:39 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 19.11.2012 08:43:40 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 19.11.2012 08:43:41 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 19.11.2012 08:43:41 | Computer Name = TCB-PC | Source = RTL8192Ce | ID = 0
Description =
 
Error - 19.11.2012 08:53:24 | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.11.2012 09:00:39 | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.11.2012 09:09:53 | Computer Name = TCB-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

        Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.2333.0    Aktualisierungsquelle:
%%859    Aktualisierungsphase: %%852    Quellpfad: hxxp://www.microsoft.com    Signaturtyp:
%%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0    Fehlercode: 0x8024402c    Fehlerbeschreibung: Unerwartetes
 Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates
 oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 19.11.2012 09:14:19 | Computer Name = TCB-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
--- --- ---

[/code]

Gruß,
Peter

M-K-D-B 19.11.2012 19:12
Servus,



Code:
:OTL
IE - HKU\S-1-5-21-224634615-3964398671-1778787708-1000\..\SearchScopes\{8EB622A1-D669-4A37-8ABE-986CE53B5664}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10397&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^ABV&apn_dtid=^YYYYYY^YY^AT&apn_uid=851269f0-89d2-439f-bf32-87c95408b39f&apn_sauid=A26B8B56-5982-44E6-965C-E880347D80B7
O4 - HKU\S-1-5-21-224634615-3964398671-1778787708-1000..\Run: [Protector] wscript.exe "C:\Users\TCB\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check File not found

:Commands
[emptytemp]
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Bekommst du immer noch ein PopUp?
Wenn ja, beschreibe mir das PopUp bitte genauer oder fertige einen Screenshot an.

ph1979 19.11.2012 19:40
Hallo Matthias,

das PopUp kommt nicht mehr. So weit ich es beurteilen kann läuft sonst auch alles ohne Probleme.

Anbei die Logdatei:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-224634615-3964398671-1778787708-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8EB622A1-D669-4A37-8ABE-986CE53B5664}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EB622A1-D669-4A37-8ABE-986CE53B5664}\ not found.
Registry value HKEY_USERS\S-1-5-21-224634615-3964398671-1778787708-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Protector deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: TCB
->Temp folder emptied: 1524 bytes
->Temporary Internet Files folder emptied: 89042733 bytes
->Java cache emptied: 107351 bytes
->Google Chrome cache emptied: 15273322 bytes
->Flash cache emptied: 536 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 100,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11192012_192126

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Gruß,
Peter

M-K-D-B 19.11.2012 20:09
Servus Peter,


na das hört sich doch schon mal gut an. :)

Nun folgen noch ein paar Kontrollen:





Schritt 1
Downloade Dir bitte Malwarebytes' Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

ph1979 19.11.2012 22:49
Hallo Matthias,

anbei die Logdateien:

MBAM:
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
TCB :: TCB-PC [Administrator]

19.11.2012 20:27:11
mbam-log-2012-11-19 (20-27-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201820
Laufzeit: 6 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=860185f772ad75418467ec126feec404
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-19 09:35:23
# local_time=2012-11-19 10:35:23 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 18103545 104985484 0 0
# compatibility_mode=8192 67108863 100 0 3795 3795 0 0
# scanned=99425
# found=1
# cleaned=0
# scan_time=6631
D:\TCB-PC\Backup Set 2012-11-19 135256\Backup Files 2012-11-19 135256\Backup files 3.zip        Java/Exploit.CVE-2012-1723.BT trojan (unable to clean)        00000000000000000000000000000000        I
SecurityCheck:
Code:
Results of screen317's Security Check version 0.99.54 
 Windows 7 Service Pack 1 x86 (UAC is disabled!) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.65.1.1000 
 Java(TM) 6 Update 25 
 Java version out of Date!
 Google Chrome 21.0.1180.83 
 Google Chrome 21.0.1180.89 
 Google Chrome 22.0.1229.79 
 Google Chrome 22.0.1229.92 
 Google Chrome 22.0.1229.94 
 Google Chrome 23.0.1271.64 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

M-K-D-B 20.11.2012 10:41
Servus,


lösche bitte die folgende Zip Datei per Hand:
D:\TCB-PC\Backup Set 2012-11-19 135256\Backup Files 2012-11-19 135256\Backup files 3.zip

Gib mir Bescheid, wenn das erledigt ist. :)

ph1979 20.11.2012 19:01
Hallo Matthias,

Datei gelöscht. :-)

Gruß,
Peter

M-K-D-B 20.11.2012 21:46
Servus,



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Schritt 1
Bitte aktiviere die Benutzerkontensteuerung, wie es hier beschrieben ist.





Schritt 2
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 9 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Software / Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.





Schritt 3
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.





Schritt 4
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 5
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Schließe die sich öffnende Textdatei.
  • Klicke abschließend auf Deinstallation.
  • Bestätige mit Ja.





Schritt 6
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B 21.11.2012 16:15
Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131