Trojaner-Board (https://www.trojaner-board.de/) - Log Analysis and Evaluation - Remove SpyHunter 4 remnants (https://www.trojaner-board.de/134224-spyhunter-4-reste-entfernen.html)

Daniel12123 02.05.2013 10:47

Here is the ComboFix log:

Code:

ComboFix 13-05-01.03 - Daniel 01.05.2013  23:54:31.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3062.1862 [GMT 2:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\AppData\Roaming\Windir
c:\users\Daniel\AppData\Roaming\Windir\Svchostt.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-01 bis 2013-05-01  ))))))))))))))))))))))))))))))
.
.
2013-04-30 11:50 . 2013-04-30 18:47        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6A6576E-B398-4FE3-92E7-B9F867E712B1}\offreg.dll
2013-04-30 11:46 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6A6576E-B398-4FE3-92E7-B9F867E712B1}\mpengine.dll
2013-04-29 14:28 . 2013-04-29 14:28        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Malwarebytes
2013-04-29 14:27 . 2013-04-29 14:27        --------        d-----w-        c:\programdata\Malwarebytes
2013-04-24 12:35 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-23 11:46 . 2013-04-23 11:47        --------        d-----w-        c:\users\Daniel\AppData\Roaming\DAEMON Tools Pro
2013-04-23 11:46 . 2013-04-23 11:46        --------        d-----w-        c:\program files (x86)\DAEMON Tools Pro
2013-04-23 11:42 . 2013-04-23 11:46        --------        d-----w-        c:\programdata\DAEMON Tools Pro
2013-04-23 11:37 . 2013-04-23 11:37        --------        d-----w-        c:\users\Daniel\AppData\Local\DTClient
2013-04-23 11:18 . 2013-04-23 11:18        --------        d-----w-        C:\perflogs
2013-04-22 18:48 . 2013-04-22 18:48        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Profiles
2013-04-22 18:48 . 2013-04-22 18:48        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Crash Reports
2013-04-22 18:48 . 2013-04-22 18:48        --------        d-----w-        c:\users\Daniel\AppData\Local\Profiles
2013-04-19 21:29 . 2013-01-15 17:49        26432        ----a-w-        c:\windows\system32\RegistryDefragBootTime.exe
2013-04-19 13:23 . 2012-10-08 10:04        436840        ----a-w-        c:\windows\system32\ACRAMDiskHandlerService64RD3.exe
2013-04-19 13:23 . 2012-10-08 10:04        170088        ----a-w-        c:\windows\system32\ACMFEngine64RD3.dll
2013-04-11 16:18 . 2013-04-11 16:18        --------        d-----w-        c:\users\Daniel\AppData\Local\storage
2013-04-11 16:18 . 2013-04-11 16:18        --------        d-----w-        c:\programdata\Ubisoft
2013-04-11 16:01 . 2013-04-11 16:08        --------        d-----w-        c:\program files (x86)\Ubisoft
2013-04-10 13:43 . 2013-03-01 03:36        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-04-10 13:42 . 2013-01-24 06:01        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-04-10 13:42 . 2013-03-19 06:04        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-04-10 13:42 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 13:42 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 13:42 . 2013-03-19 05:46        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-04-10 13:42 . 2013-03-19 03:06        112640        ----a-w-        c:\windows\system32\smss.exe
2013-04-10 13:42 . 2013-03-19 04:47        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-04-09 13:45 . 2013-04-09 13:45        564824        ----a-w-        c:\windows\system32\drivers\sptd.sys
2013-04-09 13:04 . 2013-04-09 13:04        --------        d-----w-        c:\programdata\Firefly Studios
2013-04-07 17:41 . 2013-04-09 12:42        --------        dc----w-        c:\users\Daniel\AppData\Local\MigWiz
2013-04-06 21:50 . 2013-04-06 21:50        --------        d-----w-        c:\program files (x86)\Firefly Studios
2013-04-06 21:49 . 2004-10-22 00:18        749568        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2013-04-06 21:49 . 2004-10-22 00:17        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2013-04-06 21:49 . 2004-10-22 00:17        274432        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2013-04-06 21:49 . 2004-10-22 00:16        180224        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2013-04-06 21:49 . 2004-10-22 00:16        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2013-04-06 21:49 . 2013-04-06 21:49        192644        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2013-04-06 21:49 . 2013-04-06 21:49        323716        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2013-04-05 14:14 . 2013-04-24 20:42        --------        d-----w-        c:\program files\Recuva
2013-04-05 11:26 . 2013-04-05 11:26        --------        d-----w-        c:\program files (x86)\LG Electronics
2013-04-02 18:01 . 2013-04-02 18:01        --------        d-----w-        c:\program files (x86)\UltraISO
2013-04-02 18:01 . 2013-04-02 18:01        --------        d-----w-        c:\program files (x86)\Common Files\EZB Systems
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-29 18:10 . 2013-03-04 13:01        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-29 18:10 . 2013-03-04 13:01        691592        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 00:51 . 2013-03-03 11:02        72702784        ----a-w-        c:\windows\system32\MRT.exe
2013-03-28 13:07 . 2013-03-28 13:07        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-03-28 13:07 . 2013-03-28 13:07        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-03-28 13:07 . 2013-03-28 13:07        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-03-21 12:47 . 2013-03-21 12:47        861088        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-03-21 12:47 . 2013-03-21 12:47        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-21 12:47 . 2013-03-21 12:47        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-13 20:51 . 2013-03-13 20:51        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-03-13 20:51 . 2013-03-13 20:51        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-03-13 20:51 . 2013-03-13 20:51        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-03-13 20:51 . 2013-03-13 20:51        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-13 20:51 . 2013-03-13 20:51        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-13 20:51 . 2013-03-13 20:51        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-03-13 20:51 . 2013-03-13 20:51        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-03-13 20:51 . 2013-03-13 20:51        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-03-13 20:51 . 2013-03-13 20:51        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-03-13 20:51 . 2013-03-13 20:51        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-03-13 20:51 . 2013-03-13 20:51        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-03-13 20:51 . 2013-03-13 20:51        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-03-13 20:51 . 2013-03-13 20:51        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-03-13 20:51 . 2013-03-13 20:51        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-03-13 20:51 . 2013-03-13 20:51        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-03-13 20:51 . 2013-03-13 20:51        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-03-13 20:51 . 2013-03-13 20:51        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-03-13 20:51 . 2013-03-13 20:51        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-03-13 20:51 . 2013-03-13 20:51        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-03-13 20:51 . 2013-03-13 20:51        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-03-13 20:51 . 2013-03-13 20:51        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-03-13 20:51 . 2013-03-13 20:51        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-03-13 20:51 . 2013-03-13 20:51        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-03-13 20:51 . 2013-03-13 20:51        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-03-13 20:51 . 2013-03-13 20:51        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-03-13 20:51 . 2013-03-13 20:51        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-03-13 20:51 . 2013-03-13 20:51        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-03-13 20:51 . 2013-03-13 20:51        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-03-13 20:51 . 2013-03-13 20:51        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-03-13 20:51 . 2013-03-13 20:51        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-03-13 20:51 . 2013-03-13 20:51        441856        ----a-w-        c:\windows\system32\html.iec
2013-03-13 20:51 . 2013-03-13 20:51        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-03-13 20:51 . 2013-03-13 20:51        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-03-13 20:51 . 2013-03-13 20:51        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-03-13 20:51 . 2013-03-13 20:51        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-03-13 20:51 . 2013-03-13 20:51        235008        ----a-w-        c:\windows\system32\url.dll
2013-03-13 20:51 . 2013-03-13 20:51        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-03-13 20:51 . 2013-03-13 20:51        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-03-13 20:51 . 2013-03-13 20:51        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-03-13 20:51 . 2013-03-13 20:51        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-03-13 20:51 . 2013-03-13 20:51        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-03-13 20:51 . 2013-03-13 20:51        149504        ----a-w-        c:\windows\system32\occache.dll
2013-03-13 20:51 . 2013-03-13 20:51        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-03-13 20:51 . 2013-03-13 20:51        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-03-13 20:51 . 2013-03-13 20:51        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-03-13 20:51 . 2013-03-13 20:51        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-03-13 20:51 . 2013-03-13 20:51        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-03-13 20:51 . 2013-03-13 20:51        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-03-13 20:51 . 2013-03-13 20:51        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-03-11 23:10 . 2013-03-03 08:37        282744        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-04 21:44 . 2013-03-04 21:44        189248        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-03-04 21:44 . 2013-03-04 21:44        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-03-04 17:26 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2013-03-04 17:26 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2013-03-03 17:36 . 2013-03-03 17:36        31344        ----a-w-        c:\windows\system32\drivers\cnnctfy2.sys
2013-02-26 13:05 . 2013-02-26 13:05        222720        ----a-w-        c:\windows\system32\clinfo.exe
2013-02-26 13:05 . 2013-02-26 13:05        76288        ----a-w-        c:\windows\system32\OpenVideo64.dll
2013-02-26 13:05 . 2013-02-26 13:05        65536        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2013-02-26 13:05 . 2013-02-26 13:05        64000        ----a-w-        c:\windows\system32\OVDecode64.dll
2013-02-26 13:05 . 2013-02-26 13:05        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2013-02-26 13:04 . 2013-02-26 13:04        29149696        ----a-w-        c:\windows\system32\amdocl64.dll
2013-02-26 13:03 . 2013-02-26 13:03        23810048        ----a-w-        c:\windows\SysWow64\amdocl.dll
2013-02-26 13:01 . 2013-02-26 13:01        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2013-02-26 13:01 . 2013-02-26 13:01        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2013-02-26 12:54 . 2013-02-26 12:54        5067264        ----a-w-        c:\windows\system32\amdsc64.dll
2013-02-26 12:54 . 2013-02-26 12:54        4083200        ----a-w-        c:\windows\SysWow64\amdsc.dll
2013-02-12 05:45 . 2013-03-13 19:28        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 19:28        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 19:28        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 19:28        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 19:28        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 19:28        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-13 20:38        19968        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-02-06 18:00 . 2013-03-07 13:05        112640        ----a-w-        c:\windows\SysWow64\ff_vfw.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2011-09-05 31744]
R3 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R3 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R3 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-12-27 65536]
R3 IObitUnlocker;IObitUnlocker;c:\program files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [2011-08-26 35256]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-28 28600]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2013-03-03 31344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-08 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-28 86752]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-16 14112]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-01-15 96768]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-04 18:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 505696]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 52600]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 570680]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-11-10 910136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-11-10 707416]
"LogMeIn Hamachi Ui"="c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1EC15ADB-0C2A-41E4-A8B5-4B4F7DB5D194}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vv1ex3fj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-03 18:03; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vv1ex3fj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-03 18:17; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vv1ex3fj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-03-22 14:40; ascsurfingprotection@iobit.com; c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vv1ex3fj.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-04-07 21:08; client@anonymox.net; c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vv1ex3fj.default\extensions\client@anonymox.net.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-02  00:05:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-05-01 22:05
.
Vor Suchlauf: 9 Verzeichnis(se), 197.567.885.312 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 197.050.589.184 Bytes frei
.
- - End Of File - - CD608D3222E7EE93256F0708B1D9B601


The program let the PC restart on its own. After the restart the message came up:
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
But after another restart everything was back to normal.
It didn't complain about another antivirus program or anything else.
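The ComboFix log above shows the kind of entry a log reader looks for: an executable named Svchostt.exe under AppData\Roaming\Windir, i.e. a user-writable location and a name one character away from the Windows binary svchost.exe. As an added example (not part of this thread and not ComboFix's own code), the script below parses "files created" lines and registry Run entries in the shape ComboFix prints them and flags exactly those two properties. The sample lines are constructed for the example; the Svchostt.exe and svch0st.exe entries, their dates and sizes, and the "Updater" Run value are invented to exercise the checks, while the other lines mirror entries from the log.

```python
"""Triage helper for ComboFix-style log lines (added example, not from the thread).

Parses two line shapes and flags executables that either sit in a user-writable
location or carry a name that mimics a core Windows binary outside system32.
"""
import os
import re
from dataclasses import dataclass, field

# Constructed sample in the shape ComboFix prints. The Svchostt.exe / svch0st.exe
# lines and the "Updater" Run value are invented for the example.
SAMPLE_LOG = r"""
2013-04-30 11:50 . 2013-04-30 18:47        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D6A6576E-B398-4FE3-92E7-B9F867E712B1}\offreg.dll
2013-04-24 12:35 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-29 14:28 . 2013-04-29 14:28        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Malwarebytes
2013-04-28 09:12 . 2013-04-28 09:12        48640        ----a-w-        c:\users\Daniel\AppData\Roaming\Windir\Svchostt.exe
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-10-23 3108480]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
"Updater"="c:\users\Daniel\AppData\Local\Temp\svch0st.exe" [2013-04-28 48640]
"""

# "created . modified  size  attrs  path" as in the "Dateien erstellt" section
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)
# "Name"="path" [date size] as in the registry Run sections
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?')

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
SYSTEM_NAMES = ("svchost", "lsass", "csrss", "explorer", "winlogon", "smss", "services", "wininit")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}


@dataclass
class Finding:
    source: str                 # "created" or "run"
    path: str
    reasons: list = field(default_factory=list)


def levenshtein(a, b):
    """Edit distance; used to catch one-character lookalikes of system binaries."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_line(line):
    """Return (source, path, attrs) for a recognised line, else None."""
    m = CREATED_RE.match(line)
    if m:
        return "created", m.group("path"), m.group("attrs")
    m = RUN_RE.match(line.strip())
    if m:
        return "run", m.group("path"), ""
    return None


def check_path(path):
    """Reasons a path deserves a closer look; empty list means nothing flagged."""
    low = path.lower()
    base, ext = os.path.splitext(low.rsplit("\\", 1)[-1])
    reasons = []
    if ext not in EXEC_EXT:
        return reasons
    if low.startswith("c:\\users\\") or "\\temp\\" in low:
        reasons.append("executable in user-writable location")
    if not low.startswith(SYSTEM_DIRS):
        for name in SYSTEM_NAMES:
            if levenshtein(base, name) <= 1:
                reasons.append(f"name resembles system binary '{name}' outside system32")
                break
    return reasons


def triage(log_text):
    """Parse every line and collect flagged executables in log order."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        source, path, attrs = parsed
        if attrs.startswith("d"):      # directory entry, nothing to execute
            continue
        reasons = check_path(path)
        if reasons:
            findings.append(Finding(source, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}: " + "; ".join(f.reasons))
```

Run on the sample it reports only the two lookalike executables; the Windows Defender DLL under ProgramData and the vendor Run entries under Program Files pass, and directory entries are skipped because nothing in them executes. The checks are deliberately narrow: a legitimate program installed per-user also lives under AppData, so "user-writable location" is a prompt to look, not a verdict.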

cosinus 02.05.2013 13:18

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has finished.
  • Now click on Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.

Daniel12123 02.05.2013 18:43

Here is the log from Junkware Removal Tool:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by Daniel on 02.05.2013 at 19:27:41,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\vv1ex3fj.default\user.js
Emptied folder: C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\vv1ex3fj.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.05.2013 at 19:31:48,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Here is the log from AdwCleaner:

Code:

# AdwCleaner v2.300 - File created on 02/05/2013 at 19:33:58
# Updated on 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Daniel - DANIEL-TOSH
# Boot mode : Normal
# Running from : C:\Users\Daniel\Desktop\adwcleaner.exe
# Option [Search]


**** [Services] ****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\vv1ex3fj.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [730 octets] - [02/05/2013 19:33:58]

########## EOF - C:\AdwCleaner[R2].txt - [789 octets] ##########


Here is the log from OTL:

Code:

OTL logfile created on: 02.05.2013 19:34:59 - Run 8
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Daniel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,96% Memory free
5,98 Gb Paging File | 4,33 Gb Available in Paging File | 72,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 183,90 Gb Free Space | 78,97% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 176,04 Gb Free Space | 75,72% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-TOSH | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Daniel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe (Wisdom Software Inc. )
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdvancedSystemCareService6) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (Connectify) -- C:\Program Files (x86)\Connectify\ConnectifyService.exe ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TPCHSrv) -- C:\Programme\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (cnnctfy2) -- C:\Windows\SysNative\drivers\cnnctfy2.sys (Connectify)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (andnetadb) -- C:\Windows\SysNative\drivers\lgandnetadb.sys (Google Inc)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation                          )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (IObitUnlocker) -- C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2859147082-2450945637-3050585093-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2859147082-2450945637-3050585093-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2859147082-2450945637-3050585093-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 14:59:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 14:59:19 | 000,000,000 | ---D | M]
 
[2013.03.03 14:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2013.04.07 21:08:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\vv1ex3fj.default\extensions
[2013.03.03 19:17:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\vv1ex3fj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.22 14:40:16 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\vv1ex3fj.default\extensions\ascsurfingprotection@iobit.com
[2013.04.07 21:08:44 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\vv1ex3fj.default\extensions\client@anonymox.net.xpi
[2013.03.03 19:03:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\vv1ex3fj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.13 14:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.13 14:59:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
 
O1 HOSTS File: ([2013.05.01 23:59:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn Hamachi Ui] c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2859147082-2450945637-3050585093-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2859147082-2450945637-3050585093-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2859147082-2450945637-3050585093-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16D0CDC8-3918-4CC7-82A3-6EB4BD069F02}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC15ADB-0C2A-41E4-A8B5-4B4F7DB5D194}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB7F808-D1CE-46D4-BE6C-818F9A3D931B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.03.27 00:09:43 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 19:27:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.02 19:26:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.02 19:25:03 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Daniel\Desktop\JRT.exe
[2013.05.02 11:45:33 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.02 00:01:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.01 23:59:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.01 23:53:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.01 23:53:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.01 23:53:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.01 23:53:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.01 23:52:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.01 23:46:51 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2013.04.30 13:49:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Daniel\Desktop\tdsskiller.exe
[2013.04.30 13:48:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.04.29 18:15:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\mbar
[2013.04.29 16:56:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Anti-Malware
[2013.04.29 16:55:47 | 244,183,920 | ---- | C] (Emsisoft GmbH                                              ) -- C:\Users\Daniel\Desktop\EmsisoftAntiMalwareSetup21.exe
[2013.04.29 16:28:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2013.04.29 16:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.29 16:27:32 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.27 22:14:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013.04.27 19:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.04.27 16:42:34 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.23 13:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
[2013.04.23 13:46:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Pro
[2013.04.23 13:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2013.04.23 13:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2013.04.23 13:37:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\DTClient
[2013.04.23 13:18:15 | 000,000,000 | ---D | C] -- C:\perflogs
[2013.04.22 20:48:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Profiles
[2013.04.22 20:48:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Profiles
[2013.04.22 20:48:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Crash Reports
[2013.04.19 23:29:24 | 000,026,432 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013.04.19 15:23:30 | 000,436,840 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt) -- C:\Windows\SysNative\ACRAMDiskHandlerService64RD3.exe
[2013.04.19 15:23:30 | 000,170,088 | ---- | C] (Softwareentwicklung Remus - ArchiCrypt.com) -- C:\Windows\SysNative\ACMFEngine64RD3.dll
[2013.04.15 17:53:03 | 268,962,552 | ---- | C] (Avira GmbH) -- C:\Users\Daniel\Desktop\rescue_system-common-en.exe
[2013.04.15 16:15:41 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Skrillex
[2013.04.13 14:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 18:18:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\storage
[2013.04.11 18:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2013.04.11 18:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.04.11 02:49:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.11 02:49:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.11 02:49:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.11 02:49:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.11 02:49:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.11 02:49:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.11 02:49:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.11 02:49:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.11 02:49:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.11 02:49:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.11 02:49:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.11 02:49:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.11 02:49:39 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.11 02:49:39 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.11 02:49:37 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 15:42:55 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 15:42:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 15:42:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 15:42:53 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 15:42:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 15:42:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 15:45:58 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.04.09 15:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2013.04.07 19:41:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\MigWiz
[2013.04.07 01:56:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Stronghold 2
[2013.04.06 23:55:49 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.06 23:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefly Studios
[2013.04.06 23:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firefly Studios
[2013.04.05 16:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.04.05 13:26:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2013.04.02 20:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2013.04.02 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2013.04.02 20:01:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\My ISO Files
[2013.04.02 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.02 19:33:37 | 000,628,743 | ---- | M] () -- C:\Users\Daniel\Desktop\adwcleaner.exe
[2013.05.02 19:33:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013.05.02 19:24:59 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Daniel\Desktop\JRT.exe
[2013.05.02 19:22:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.02 19:22:20 | 000,000,439 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.05.02 11:45:13 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.02 00:18:32 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 00:18:32 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.02 00:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.02 00:10:19 | 2407,747,584 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.01 23:59:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.01 23:46:49 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2013.05.01 23:45:06 | 000,104,757 | ---- | M] () -- C:\Users\Daniel\Desktop\ScreenHunter_02 May. 01 23.45.jpg
[2013.05.01 09:48:50 | 008,222,905 | ---- | M] () -- C:\Users\Daniel\Desktop\Video.mp4
[2013.04.30 23:34:43 | 000,571,767 | ---- | M] () -- C:\Users\Daniel\Desktop\In Spyhunter Search.jpg
[2013.04.30 23:34:07 | 000,350,087 | ---- | M] () -- C:\Users\Daniel\Desktop\In Spyhunter Search (2).jpg
[2013.04.30 23:28:44 | 000,507,775 | ---- | M] () -- C:\Users\Daniel\Desktop\Am Anfang.jpg
[2013.04.30 20:12:10 | 000,000,512 | ---- | M] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.04.30 14:05:31 | 006,530,626 | ---- | M] () -- C:\Users\Daniel\Desktop\minecraft.jar
[2013.04.30 13:46:56 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.04.30 13:46:48 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.30 13:46:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.30 13:46:48 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.30 13:46:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.30 13:46:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.30 13:45:35 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Daniel\Desktop\tdsskiller.exe
[2013.04.29 22:00:15 | 000,004,081 | ---- | M] () -- C:\Users\Daniel\Desktop\DownloadData.bin
[2013.04.29 20:15:38 | 000,000,235 | ---- | M] () -- C:\Users\Daniel\Desktop\ShiroBPLD.ini
[2013.04.29 20:10:58 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.29 20:10:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.29 18:10:21 | 000,377,856 | ---- | M] () -- C:\Users\Daniel\Desktop\gmer_2.1.19163.exe
[2013.04.29 16:50:53 | 244,183,920 | ---- | M] (Emsisoft GmbH                                              ) -- C:\Users\Daniel\Desktop\EmsisoftAntiMalwareSetup21.exe
[2013.04.29 16:27:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Daniel\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.27 19:48:08 | 024,673,377 | ---- | M] () -- C:\Users\Daniel\Desktop\Minions Banana.mp4
[2013.04.27 19:47:14 | 017,139,875 | ---- | M] () -- C:\Users\Daniel\Desktop\evian the source - Ping Pong.mp4
[2013.04.27 19:45:56 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.04.27 16:48:05 | 000,007,611 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2013.04.27 13:36:07 | 000,002,997 | ---- | M] () -- C:\Users\Daniel\Desktop\Services.dat
[2013.04.23 13:46:46 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2013.04.22 20:48:11 | 000,000,111 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\profiles.ini
[2013.04.15 17:46:01 | 268,962,552 | ---- | M] (Avira GmbH) -- C:\Users\Daniel\Desktop\rescue_system-common-en.exe
[2013.04.14 14:48:30 | 000,000,355 | ---- | M] () -- C:\Users\Daniel\Desktop\Computer.lnk
[2013.04.11 18:18:06 | 000,001,583 | ---- | M] () -- C:\Users\Daniel\Desktop\Splinter Cell.lnk
[2013.04.09 15:45:58 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.04.09 15:06:20 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2013.04.05 16:17:44 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.04.05 13:27:41 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2013.04.02 20:01:35 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.02 19:33:44 | 000,628,743 | ---- | C] () -- C:\Users\Daniel\Desktop\adwcleaner.exe
[2013.05.01 23:53:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.01 23:53:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.01 23:53:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.01 23:53:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.01 23:53:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.01 23:50:19 | 000,104,757 | ---- | C] () -- C:\Users\Daniel\Desktop\ScreenHunter_02 May. 01 23.45.jpg
[2013.05.01 09:48:40 | 008,222,905 | ---- | C] () -- C:\Users\Daniel\Desktop\Video.mp4
[2013.05.01 09:47:25 | 000,571,767 | ---- | C] () -- C:\Users\Daniel\Desktop\In Spyhunter Search.jpg
[2013.05.01 09:47:22 | 000,507,775 | ---- | C] () -- C:\Users\Daniel\Desktop\Am Anfang.jpg
[2013.05.01 09:47:20 | 000,350,087 | ---- | C] () -- C:\Users\Daniel\Desktop\In Spyhunter Search (2).jpg
[2013.04.30 20:12:10 | 000,000,512 | ---- | C] () -- C:\Users\Daniel\Desktop\MBR.dat
[2013.04.30 13:54:15 | 006,530,626 | ---- | C] () -- C:\Users\Daniel\Desktop\minecraft.jar
[2013.04.29 18:15:39 | 000,377,856 | ---- | C] () -- C:\Users\Daniel\Desktop\gmer_2.1.19163.exe
[2013.04.28 14:18:53 | 001,808,896 | ---- | C] () -- C:\Users\Daniel\Desktop\Shiro Boy`s Premium Link Downloader.exe
[2013.04.28 14:18:53 | 000,004,081 | ---- | C] () -- C:\Users\Daniel\Desktop\DownloadData.bin
[2013.04.28 14:18:53 | 000,002,997 | ---- | C] () -- C:\Users\Daniel\Desktop\Services.dat
[2013.04.28 14:18:53 | 000,000,235 | ---- | C] () -- C:\Users\Daniel\Desktop\ShiroBPLD.ini
[2013.04.27 19:47:14 | 024,673,377 | ---- | C] () -- C:\Users\Daniel\Desktop\Minions Banana.mp4
[2013.04.27 19:46:17 | 017,139,875 | ---- | C] () -- C:\Users\Daniel\Desktop\evian the source - Ping Pong.mp4
[2013.04.27 19:45:56 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2013.04.23 13:46:46 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2013.04.22 20:48:11 | 000,000,111 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\profiles.ini
[2013.04.14 14:48:30 | 000,000,355 | ---- | C] () -- C:\Users\Daniel\Desktop\Computer.lnk
[2013.04.11 18:18:06 | 000,001,583 | ---- | C] () -- C:\Users\Daniel\Desktop\Splinter Cell.lnk
[2013.04.06 23:55:07 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Stronghold 2.lnk
[2013.04.05 16:14:35 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.04.05 13:27:41 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2013.04.02 20:01:35 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.03.20 23:50:52 | 000,007,611 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg
[2013.03.07 15:05:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.03.07 15:05:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.03.07 15:05:22 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.03.07 15:05:21 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.03.07 15:05:19 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.03.04 23:44:56 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.04 23:44:40 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.03 16:40:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.03.02 21:43:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2013.03.02 21:23:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.11.21 15:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.01 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft
[2013.03.05 01:03:31 | 000,000,000 | -H-D | M] -- C:\Users\Daniel\AppData\Roaming\AA962587
[2013.04.22 20:48:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Crash Reports
[2013.04.23 13:47:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Pro
[2013.03.13 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\InterVideo
[2013.04.28 12:56:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IObit
[2013.03.03 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2013.04.22 20:48:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Profiles
[2013.03.03 00:17:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Toshiba
[2013.03.07 23:58:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >


PS: Did the pictures actually help?

cosinus 03.05.2013 23:00

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
[2013.03.05 01:03:31 | 000,000,000 | -H-D | M] -- C:\Users\Daniel\AppData\Roaming\AA962587
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.

Daniel12123 04.05.2013 12:40

Done, here is the OTL log file with the fix:

Code:

All processes killed
========== OTL ==========
C:\Users\Daniel\AppData\Roaming\AA962587 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Daniel\Desktop\cmd.bat deleted successfully.
C:\Users\Daniel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Daniel
->Temp folder emptied: 44329 bytes
->Temporary Internet Files folder emptied: 4263490 bytes
->Java cache emptied: 21420 bytes
->FireFox cache emptied: 5745621 bytes
->Flash cache emptied: 506 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4536 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 10,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 05042013_133527

Files\Folders moved on Reboot...
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 04.05.2013 14:41

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes - and remember to update Malwarebytes via the Update button first.

Afterwards, getting a second opinion via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to the ESET Online Scanner
  • Download and start the ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Daniel12123 04.05.2013 22:59

Malwarebytes Anti-Malware:

Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Daniel :: DANIEL-TOSH [Administrator]

04.05.2013 18:55:06
MBAM-log-2013-05-04 (20-51-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426531
Laufzeit: 1 Stunde(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\PRIVAT\Daniel\Alt\Daniel\Anwendungsdaten\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.

(Ende)



ESET:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=156e068cadf20248b5289616fef3c686
# engine=13753
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-04 04:32:36
# local_time=2013-05-04 06:32:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 17749 233108446 10406 0
# compatibility_mode=5893 16776573 100 94 14934 119315006 0 0
# scanned=215213
# found=0
# cleaned=0
# scan_time=6677


cosinus 04.05.2013 23:16

Just one leftover, it was deleted. Looks OK so far.

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not pests as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising and the like => HTTP-Cookie)

Otherwise there are good cookie managers; an extension for Firefox would be CookieCuller, for example.
If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), simply set the browser so that everything, including cookies, is deleted when the browser closes.

Is your system OK again now, or are there other findings or problems?
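The OTL fix above reset the hosts file, and the MVPS hosts file works by pointing unwanted names at 0.0.0.0 or 127.0.0.1. The following added example (not from the thread or from MVPS) parses a hosts file and separates such harmless block entries from redirects to real addresses, which is the pattern a tampered hosts file shows; the sample hosts text in it is constructed.

```python
"""Classify the entries of a Windows hosts file: MVPS-style blocklist
entries (name -> 0.0.0.0 or 127.0.0.1) versus redirects to some other
address, which is how a tampered hosts file diverts traffic. The sample
hosts text below is constructed, not taken from the thread."""
import ipaddress

NULL_TARGETS = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::1")}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return one record per host name; comments and blank lines are skipped."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            records.append({"line": lineno, "name": None, "kind": "malformed"})
            continue
        for name in fields[1:]:
            if name.lower() in LOCAL_NAMES and addr.is_loopback:
                kind = "local"       # the stock localhost mapping
            elif addr in NULL_TARGETS:
                kind = "block"       # sinkholed: the name resolves to nothing
            else:
                kind = "redirect"    # name sent to a real address: review it
            records.append({"line": lineno, "name": name, "kind": kind,
                            "addr": str(addr)})
    return records


def summarize(records):
    """Count entries per kind and list the redirects a defender should inspect."""
    counts = {"local": 0, "block": 0, "redirect": 0, "malformed": 0}
    for r in records:
        counts[r["kind"]] += 1
    redirects = [(r["line"], r["name"], r["addr"]) for r in records
                 if r["kind"] == "redirect"]
    return counts, redirects


# Constructed sample: stock localhost line, two MVPS-style block lines,
# one suspicious redirect (TEST-NET address) and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
0.0.0.0 ads.example.net          # MVPS-style block entry
0.0.0.0 tracker.example.org pixel.example.org
203.0.113.5 update.example.com   # real address: who put this here?
not-an-address example.invalid
"""

if __name__ == "__main__":
    counts, redirects = summarize(parse_hosts(SAMPLE_HOSTS))
    print(counts)
    for line, name, addr in redirects:
        print("line %d: %s -> %s needs review" % (line, name, addr))
```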

Daniel12123 05.05.2013 11:32

Um, yes, it is still there, as I already wrote at the beginning. It appears before Windows even starts... I have uploaded pictures of it; maybe they will help you find out where the leftovers are. I have already looked for these paths and files myself but found nothing.

cosinus 06.05.2013 09:17

Then SpyHunter has bent your MBR.
Restart Windows and press F8 to get to the boot options, i.e. the same way you get to Safe Mode. But do NOT choose Safe Mode there; choose "Repair your computer" instead - log in if required, then choose the Command Prompt, type the following command and run it with Enter:

Code:

bootrec.exe /fixmbr
Restart the computer and report whether Windows now starts without the grub4dos that SpyHunter installed.

Daniel12123 06.05.2013 16:27

Just did it, it did not help. Can't you simply delete the file? It must have stored somewhere what it is supposed to do.


But I did find something else: see attachment (what is this?)

Code:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601

device: opened successfully
user: error reading MBR
error: Read  Das Handle ist ungültig.
kernel: error reading MBR


cosinus 06.05.2013 20:23

That is not a file; the MBR is the first sector of the hard disk.

Please do it again with the Command Prompt from the system recovery options, but this time type the following commands and run them:

Code:

bootrec.exe /fixmbr
bootrec.exe /fixboot
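
Since the MBR is the first 512-byte sector, a copy of it (the 512-byte MBR.dat from the desktop listing above is exactly that) can be checked offline. The following added example (not from the thread or from any of the tools mentioned) parses such a dump, lists the partition table, and flags boot code that lacks the error strings the stock Windows 7 MBR carries or that differs from a saved baseline hash; the two sample sectors are constructed.

```python
"""Parse a 512-byte MBR dump (such as MBR.dat) and flag boot code that is
not the stock Windows boot code. The sample sectors below are constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bootstrap code occupies bytes 0..445
PART_ENTRY_LEN = 16           # four 16-byte partition entries follow it
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 of a valid MBR

# Error strings the stock Windows 7 MBR boot code carries. Boot code that
# lacks them has been overwritten, e.g. by a third-party boot manager.
STOCK_MESSAGES = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_mbr(sector):
    """Split a raw MBR sector into boot-code hash, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PART_ENTRY_LEN
        # layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) size(4)
        status, ptype, lba_start, size = struct.unpack(
            "<B3xB3xII", sector[off:off + PART_ENTRY_LEN])
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start,
                               "sectors": size})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "stock_messages": all(m in boot_code for m in STOCK_MESSAGES),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def assess_mbr(sector, baseline_sha256=None):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("no 0x55AA boot signature: not a valid MBR")
    if not info["stock_messages"]:
        findings.append("stock Windows error strings missing: boot code was replaced")
    if baseline_sha256 and info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code hash differs from the saved baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition is marked active")
    return findings


def _sample(boot_code):
    """Constructed sector: given boot code plus one active NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 409600)  # active, NTFS
    return code + entry + b"\x00" * (3 * PART_ENTRY_LEN) + BOOT_SIGNATURE


STOCK_LIKE_MBR = _sample(b"\x33\xc0\x8e\xd0" + b"\x00".join(STOCK_MESSAGES))
REPLACED_MBR = _sample(b"\xeb\x3c\x90" + b"third-party boot manager stub")

if __name__ == "__main__":
    baseline = parse_mbr(STOCK_LIKE_MBR)["boot_code_sha256"]
    for name, sec in (("stock-like", STOCK_LIKE_MBR), ("replaced", REPLACED_MBR)):
        print(name, assess_mbr(sec, baseline) or ["no findings"])
```

Against a real dump, compare the boot-code hash with one taken from a known-good machine of the same Windows build; `bootrec /fixmbr` rewrites only the 446 boot-code bytes and leaves the partition table alone.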


Daniel12123 07.05.2013 08:26

So I did it yesterday the way you described, but unfortunately it did not help. It is still there exactly as before... Can't the MBR be reset or rewritten in the end? Or set to default?

cosinus 07.05.2013 10:28

Boot from your Windows 7 DVD, choose the system recovery options there, then Command Prompt, and run the two commands one after the other again.

If you do not have a Windows 7 DVD => http://www.trojaner-board.de/100776-...tml#post676887

Daniel12123 07.05.2013 17:26

OK, I will do that, but somehow the download takes 12h for me. I know I have a faster line (up to max. 1.2Mb download). Right now I can only download at 75-80Kb though...

But I have another problem now.
When I try to uninstall Free System Utilities, an error message appears and it refers to a log created for it (see attachment)



PS: Did you change something about pasting here? The "#" button is no longer there-

