Trojaner-Board - Virus aus Russland

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Virus aus Russland (https://www.trojaner-board.de/103105-virus-russland.html)

Virus aus Russland

Hallo,

also ich habe mir vor kurzem (keine ahnung wie) einen Virus eingefangen. Ich hatte meinen Pc laufen und als ich wieder kam war auf einmal eine komische Datei auf dem Desktop. In der Detailbeschreibung war eine (ich glaube) Papierfabrik in Russland als Ursprung genannt und der Name etc. war auf russisch.

Ich habe also die Datei gelöscht. Darauf sind aber nacheinander immer wieder Windows Fenster aufgegangen, in denen ich aufgefordert wurde eine Installation zuzulassen -> natürlich abgelehnt. Weil das aber nicht aufhörte habe ich den Laptop ausgeschaltet und wieder hochgefahren. Das problem mit den Fenstern war nun weg, aber der Virus hat mein System trotzdem infiziert und legt es total lahm, das heißt der mein Pc läuft nurnoch verdammt langsam...

Habe daraufhin versucht mit verschiedenen Virenprogrammen was zu finden bzw. es zu lösen aber keine Chance.

Hier noch ein Bild das 2 der neuangelegten Systemstartprogramme zeigt.
Eslaufen auch einige rundll32.exe meh als sonst.

http://img27.imageshack.us/img27/7830/neuebitmapn.png

Ich hoffe ich habe alles richtig gemacht und Ihr könnt damit was anfangen und mir helfen...

Vielen dank schon mal im Voraus!

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

:OTL

O4 - HKLM..\Run: [TWebCamera] File not found

O4 - HKCU..\Run: [] File not found

O4 - HKCU..\Run: [{221117D1-1E1D-B216-55C2-9C982CB53E98}] File not found

O4 - HKCU..\Run: [NvCplDaemonTool] C:\Users\Michael\kbloadCF.dll (Корпорация Майкрософт;)

O4 - HKCU..\Run: [Uvixalosacevez] File not found

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g3OnlineTimer.lnk = File not found

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll (Корпорация Майкрософт;)

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = File not found

O33 - MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\Shell - "" = AutoRun

O33 - MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\Shell - "" = AutoRun

O33 - MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\Shell\AutoRun\command - "" = G:\NokiaPCIA_Autorun.exe

O33 - MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\Shell - "" = AutoRun

O33 - MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\Shell - "" = AutoRun

O33 - MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\Shell\AutoRun\command - "" = D:\Autorun.exe

MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

:Commands

[purity]

[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

OTL Logfile:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TWebCamera deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{221117D1-1E1D-B216-55C2-9C982CB53E98} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{221117D1-1E1D-B216-55C2-9C982CB53E98}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemonTool deleted successfully.

C:\Users\Michael\kbloadCF.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uvixalosacevez deleted successfully.

C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\g3OnlineTimer.lnk moved successfully.

C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll moved successfully.

C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dbc603f-ea36-11de-a7af-00235afdef2c}\ not found.

File I:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcafd88-4da2-11e0-ab4d-0024d2c8c695}\ not found.

File G:\NokiaPCIA_Autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8db3a56c-8205-11df-a935-0024d2c8c695}\ not found.

File H:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f7b8fe1-5ed3-11e0-afd1-0024d2c8c695}\ not found.

File D:\Autorun.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Uvixalosacevez\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemonTool\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Michael

->Temp folder emptied: 8068207 bytes

->Temporary Internet Files folder emptied: 4332146797 bytes

->Java cache emptied: 11800 bytes

->FireFox cache emptied: 76769173 bytes

->Flash cache emptied: 656 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 932940363 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 333 bytes

 

Total Files Cleaned = 5.102,00 mb

 

 

OTL by OldTimer - Version 3.2.27.0 log created on 09022011_113136
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DF7116.tmp not found!

File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DF8A56.tmp not found!

C:\Users\Michael\AppData\Local\Temp\Low\~DFBB61.tmp moved successfully.

File\Folder C:\Users\Michael\AppData\Local\Temp\Low\~DFD8DE.tmp not found!

File\Folder C:\Windows\temp\mcafee_3c1cEgUWFB35Boj not found!

File\Folder C:\Windows\temp\mcafee_S7MOwkWWuLUfhZG not found!

File\Folder C:\Windows\temp\mcmsc_bemWE91M9wlQeAd not found!

File\Folder C:\Windows\temp\mcmsc_wSUHtfcsAiPIrhd not found!

File\Folder C:\Windows\temp\mcmsc_YINnpWaMMA8Flni not found!

File\Folder C:\Windows\temp\sqlite_5fhrOdOGfCDLOfz not found!

File\Folder C:\Windows\temp\sqlite_cJwwA1SgdOsMiMZ not found!

File\Folder C:\Windows\temp\sqlite_Sa4c1Hj6BiyLwWt not found!

File\Folder C:\Windows\temp\sqlite_Tq028hkiBF2a34P not found!
 

Registry entries deleted on Reboot...

Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org
 

Datenbank Version: 7635
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421
 

02.09.2011 11:52:11

mbam-log-2011-09-02 (11-52-11).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 178774

Laufzeit: 3 Minute(n), 47 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 1

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 1

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 3
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

c:\Users\Michael\kbloadCF.dll (Trojan.Agent.WIMP) -> Delete on reboot.
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NvCplDaemonTool (Trojan.Agent.WIMP) -> Value: NvCplDaemonTool -> Quarantined and deleted successfully.
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

c:\Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Users\Michael\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scanjdiskb96.dll (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Users\Michael\kbloadCF.dll (Trojan.Agent.WIMP) -> Quarantined and deleted successfully.

Schritt 1

Wie läufts?

Schritt 2

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

/md5start

explorer.exe

regedit.exe

winlogon.exe

wininit.exe

userinit.exe

/md5stop

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Naja alles noch immer beim Alten soweit ich das feststellen kann.

habe das Ergebnis als zib angehängt.

wobei OTL die Datei Extras nicht selbst aufgemacht hat. Ich weis ja nicht ob das was bedeutet :)

Kann man schon sagen was das für eine Art von Virus ist, bzw. was es macht?

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Jetzt ist es gerade so das ich einige Programme nur mit rechtsklick -> als Administrator ausführen öffnen kann. (z.B. I-explorer)

Hier mal die Logfile von Gmer:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-09-02 19:08:29

Windows 6.0.6002 Service Pack 2 

Running: rkojfyxl.exe
 
 

---- Registry - GMER 1.0.15 ----
 

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                    

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                 0

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                              0x63 0x6B 0x45 0x86 ...

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 1

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x29 0x4D 0x79 0xC1 ...

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x5D 0x31 0xB2 0x01 ...

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      

Reg   HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xF5 0xD4 0xFA 0xD7 ...

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                     0

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                  0x63 0x6B 0x45 0x86 ...

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     1

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x29 0x4D 0x79 0xC1 ...

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x5D 0x31 0xB2 0x01 ...

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  

Reg   HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xF5 0xD4 0xFA 0xD7 ...
 

---- Files - GMER 1.0.15 ----
 

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci          0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.dir         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.ci          0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.dir         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.ci          0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.dir         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.ci          0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.dir         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.ci          0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.dir         0 bytes

File  C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid         0 bytes
 

---- EOF - GMER 1.0.15 ----

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Konnte heute leider nicht früher...

hier das Ergebnis:

Code:

ComboFix 11-09-02.04 - Michael 03.09.2011  17:12:49.1.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.6108.4182 [GMT 2:00]

ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-08-03 bis 2011-09-03  ))))))))))))))))))))))))))))))

.

.

2011-09-03 15:25 . 2011-09-03 15:28        --------        d-----w-        c:\users\Michael\AppData\Local\temp

2011-09-03 15:25 . 2011-09-03 15:25        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-09-02 09:41 . 2011-09-02 09:41        --------        d-----w-        c:\users\Michael\AppData\Roaming\Malwarebytes

2011-09-02 09:40 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-02 09:40 . 2011-09-02 09:40        --------        d-----w-        c:\programdata\Malwarebytes

2011-09-02 09:40 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-09-02 09:40 . 2011-09-02 09:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-02 09:31 . 2011-09-02 09:31        --------        d-----w-        C:\_OTL

2011-09-02 05:25 . 2011-09-02 05:25        --------        d-----w-        C:\ProcAlyzer Dumps

2011-09-01 08:00 . 2011-09-01 07:07        16432        ----a-w-        c:\windows\system32\lsdelete.exe

2011-09-01 07:07 . 2011-09-01 07:07        55384        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys

2011-09-01 07:03 . 2011-09-02 07:37        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2011-09-01 07:00 . 2011-08-18 13:25        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys

2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\program files (x86)\Lavasoft

2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\programdata\Lavasoft

2011-08-28 17:18 . 2011-09-01 08:00        --------        d-----w-        c:\users\Michael\AppData\Roaming\Lufec

2011-08-28 09:29 . 2011-08-28 09:29        --------        dc-h--w-        c:\programdata\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files (x86)\Common Files\Native Instruments

2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Common Files\Native Instruments

2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\programdata\Native Instruments

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Native Instruments

2011-08-24 15:32 . 2011-07-11 13:45        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-08-24 15:32 . 2011-07-11 13:25        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-08-23 12:07 . 2011-08-23 12:07        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-14 19:32 . 2011-08-24 18:35        16856        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-container.exe

2011-08-14 19:32 . 2011-08-24 18:35        719832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-10 20:36 . 2011-06-17 16:16        451072        ----a-w-        c:\windows\system32\winsrv.dll

2011-08-10 20:36 . 2011-07-06 15:49        275456        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 20:36 . 2011-06-17 20:14        1427344        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-08-10 20:36 . 2011-06-20 08:45        4699536        ----a-w-        c:\windows\system32\ntoskrnl.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-02 07:57 . 2011-08-02 07:57        0        ---ha-w-        c:\users\Michael\AppData\Local\BIT9937.tmp

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]

"NvCplDaemonTool"="c:\users\Michael\kbloadCF.dll" [2011-04-12 824320]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-06-05 136600]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]

"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]

"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]

"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

.

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

scandisk.lnk - c:\windows\system32\rundll32.exe [2006-11-2 46592]

scanjdiskb96.dll [2011-4-12 824320]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe\0lsdelete

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 cpuz130;cpuz130;c:\users\Michael\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 803696]

R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-12 117248]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-06 36864]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]

S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [x]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]

S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]

.

2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]

.

2011-03-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]

.

2011-03-31 c:\windows\Tasks\McQcTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.at/ig

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.138

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3v3a52fx.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Free Audio CD Burner_is1 - c:\program files (x86)\DVDVideoSoft\Free Audio CD Burner\unins000.exe

AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe

AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\McAfee\MPF\MPFSrv.exe

c:\program files (x86)\McAfee\MSK\MskSrver.exe

c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\progra~2\McAfee\MSC\mcmscsvc.exe

c:\progra~2\mcafee.com\agent\mcagent.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe

c:\program files (x86)\Java\jre6\bin\jucheck.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-09-03  17:35:11 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-09-03 15:35

.

Vor Suchlauf: 13 Verzeichnis(se), 15.030.579.200 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 14.764.945.408 Bytes frei

.

- - End Of File - - E01066A4C82EC431D325F80E1155020B

Melde mich am Abend wieder. Bin bei der Arbeit.

Schritt 1

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemonTool"=-

File::

c:\users\Michael\kbloadCF.dll

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

http://i266.photobucket.com/albums/i.../CFScriptB.gif

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt 2

Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2

Doppelklick auf die SystemLook.exe, um das Tool zu starten.
Vista-User mit Rechtsklick und als Administrator starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

:filefind *scandisk* :regfind *sandisk* :content *scandisk*
Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Dauert jetzt leider auch bei mir manchmal länger da ich auch arbeiten muss...

Hier die Files:

Code:

ComboFix 11-09-04.03 - Michael 05.09.2011  11:17:32.2.2 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.6108.4334 [GMT 2:00]

ausgeführt von:: c:\users\Michael\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Michael\Desktop\CFScript.txt

AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Personal Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: McAfee VirusScan *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Im Speicher befindliches AV aktiv.

.

.

FILE ::

"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk"

"c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll"

"c:\users\Michael\kbloadCF.dll"

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scanjdiskb96.dll

c:\users\Michael\kbloadCF.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-08-05 bis 2011-09-05  ))))))))))))))))))))))))))))))

.

.

2011-09-05 09:28 . 2011-09-05 10:03        --------        d-----w-        c:\users\Michael\AppData\Local\temp

2011-09-05 09:28 . 2011-09-05 09:28        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-09-02 09:41 . 2011-09-02 09:41        --------        d-----w-        c:\users\Michael\AppData\Roaming\Malwarebytes

2011-09-02 09:40 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-09-02 09:40 . 2011-09-02 09:40        --------        d-----w-        c:\programdata\Malwarebytes

2011-09-02 09:40 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-09-02 09:40 . 2011-09-02 09:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-02 09:31 . 2011-09-02 09:31        --------        d-----w-        C:\_OTL

2011-09-02 05:25 . 2011-09-02 05:25        --------        d-----w-        C:\ProcAlyzer Dumps

2011-09-01 08:00 . 2011-09-01 07:07        16432        ----a-w-        c:\windows\system32\lsdelete.exe

2011-09-01 07:07 . 2011-09-01 07:07        55384        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys

2011-09-01 07:03 . 2011-09-02 07:37        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2011-09-01 07:00 . 2011-08-18 13:25        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys

2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\program files (x86)\Lavasoft

2011-09-01 07:00 . 2011-09-01 07:00        --------        d-----w-        c:\programdata\Lavasoft

2011-08-28 17:18 . 2011-09-01 08:00        --------        d-----w-        c:\users\Michael\AppData\Roaming\Lufec

2011-08-28 09:29 . 2011-08-28 09:29        --------        dc-h--w-        c:\programdata\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files (x86)\Common Files\Native Instruments

2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Common Files\Native Instruments

2011-08-28 09:27 . 2011-08-28 09:27        --------        dc-h--w-        c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\programdata\Native Instruments

2011-08-28 09:27 . 2011-08-28 09:27        --------        d-----w-        c:\program files\Native Instruments

2011-08-24 15:32 . 2011-07-11 13:45        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-08-24 15:32 . 2011-07-11 13:25        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-08-23 12:07 . 2011-08-23 12:07        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-08-14 19:32 . 2011-08-24 18:35        16856        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-container.exe

2011-08-14 19:32 . 2011-08-24 18:35        719832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-08-10 20:36 . 2011-06-06 10:59        2409784        ----a-w-        c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-10 20:36 . 2011-06-17 16:16        451072        ----a-w-        c:\windows\system32\winsrv.dll

2011-08-10 20:36 . 2011-07-06 15:49        275456        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 20:36 . 2011-06-17 20:14        1427344        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-08-10 20:36 . 2011-06-20 08:45        4699536        ----a-w-        c:\windows\system32\ntoskrnl.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-02 07:57 . 2011-08-02 07:57        0        ---ha-w-        c:\users\Michael\AppData\Local\BIT9937.tmp

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-09-03_15.27.54   )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 03:20 . 2011-09-03 12:36        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-01-21 03:20 . 2011-09-05 08:47        49152              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-01-21 03:20 . 2011-09-03 12:36        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-09-05 08:47        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-01-21 03:20 . 2011-09-05 08:47        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-01-21 03:20 . 2011-09-03 12:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-01-21 02:23 . 2011-09-05 08:44        76714              c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-09-06 09:12 . 2011-09-05 08:44        19482              c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2670276443-3452161126-3766956368-1000_UserData.bin

- 2009-09-05 09:47 . 2011-09-03 15:27        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-05 09:47 . 2011-09-05 10:03        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-05 09:47 . 2011-09-05 10:03        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-05 09:47 . 2011-09-03 15:27        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-05 09:47 . 2011-09-05 10:03        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-05 09:47 . 2011-09-03 15:27        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-09-03 15:27 . 2011-09-03 15:27        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-05 09:30 . 2011-09-05 09:30        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-09-05 09:30 . 2011-09-05 09:30        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-09-03 15:27 . 2011-09-03 15:27        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-05 10:20 . 2011-09-04 10:21        602906              c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2006-11-02 15:45 . 2011-09-05 08:44        128404              c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2006-11-02 12:46 . 2011-09-03 15:08        595996              c:\windows\system32\perfh009.dat

+ 2006-11-02 12:46 . 2011-09-05 09:36        595996              c:\windows\system32\perfh009.dat

- 2008-01-21 11:09 . 2011-09-03 15:08        628742              c:\windows\system32\perfh007.dat

+ 2008-01-21 11:09 . 2011-09-05 09:36        628742              c:\windows\system32\perfh007.dat

+ 2006-11-02 12:46 . 2011-09-05 09:36        104070              c:\windows\system32\perfc009.dat

- 2006-11-02 12:46 . 2011-09-03 15:08        104070              c:\windows\system32\perfc009.dat

- 2008-01-21 11:09 . 2011-09-03 15:08        126454              c:\windows\system32\perfc007.dat

+ 2008-01-21 11:09 . 2011-09-05 09:36        126454              c:\windows\system32\perfc007.dat

- 2010-06-21 20:16 . 2011-09-03 15:26        314576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-06-21 20:16 . 2011-09-05 09:29        314576              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-09-05 09:23 . 2011-09-05 09:29        2079256              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-09-05 09:23 . 2011-09-03 15:26        2079256              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2010-06-21 20:16 . 2011-09-03 15:26        1592444              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-8192.dat

+ 2010-06-21 20:16 . 2011-09-05 09:29        1592444              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-8192.dat

- 2011-08-23 21:29 . 2011-09-03 15:26        1988832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-12288.dat

+ 2011-08-23 21:29 . 2011-09-05 09:29        1988832              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-12288.dat

+ 2011-05-10 21:24 . 2011-09-05 09:29        29671948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2670276443-3452161126-3766956368-1000-4096.dat

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2008-11-21 438272]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-06-05 136600]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-21 61440]

"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2008-11-26 701752]

"NDSTray.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-12 299008]

"cfFncEnabler.exe"="c:\program files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-3-19 2532680]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-2-24 391072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe\0lsdelete

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 0004421315213822mcinstcleanup;McAfee Application Installer Cleanup (0004421315213822);c:\windows\TEMP\000442~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 cpuz130;cpuz130;c:\users\Michael\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

R4 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe [2007-05-04 36864]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-15 803696]

R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-03-12 117248]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-16 20544]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-03-06 36864]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-24 242176]

S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 84480]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 arcvad_ds2dhw;ArcMIVEVad Service;c:\windows\system32\drivers\ArcVad.sys [x]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]

S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [x]

S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]

.

2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 21:54]

.

2011-03-14 c:\windows\Tasks\McDefragTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]

.

2011-03-31 c:\windows\Tasks\McQcTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-09-14 19:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-30 7574048]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1716008]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-04-23 1128448]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]

"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.at/ig

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.138

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\3v3a52fx.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\program files (x86)\McAfee\MPF\MPFSrv.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\McAfee\MSK\MskSrver.exe

c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\progra~2\McAfee\MSC\mcmscsvc.exe

c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~2\mcafee.com\agent\mcagent.exe

c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-09-05  12:07:39 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-09-05 10:07

ComboFix2.txt  2011-09-03 15:35

.

Vor Suchlauf: 16 Verzeichnis(se), 14.395.842.560 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 14.227.410.944 Bytes frei

.

- - End Of File - - 16EB90936F9B95E85646BC0C999A585F

Look:

Code:

SystemLook 30.07.11 by jpshortstuff

Log created at 12:15 on 05/09/2011 by Michael

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
 

========== filefind ==========
 

Searching for "*scandisk*"

C:\Qoobox\Quarantine\C\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk.vir        --a---- 901 bytes        [10:11 04/09/2011]        [09:08 05/09/2011] EE98638E7379438B9613E500882A0CF8

C:\Windows\pss\scandisk.lnk.Startup        ------- 901 bytes        [05:28 01/09/2011]        [15:04 02/09/2011] EE98638E7379438B9613E500882A0CF8
 

========== regfind ==========
 

Searching for "*sandisk*"

No data found.
 

Invalid Context: content
 

No Context: *scandisk*
 

No Context:          
 

-= EOF =-

Schritt 1

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

activex

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

/md5start

explorer.exe

regedit.exe

winlogon.exe

wininit.exe

userinit.exe

/md5stop

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Ich bekomme nur eine logfile keine xtras
achja und ich muss aufteilen weil tb hängt sich sonst immer auf:

Code:

OTL logfile created on: 06.09.2011 14:41:11 - Run 3

OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Michael\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

5,96 Gb Total Physical Memory | 4,38 Gb Available Physical Memory | 73,47% Memory free

12,12 Gb Paging File | 10,29 Gb Available in Paging File | 84,86% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 186,31 Gb Total Space | 13,22 Gb Free Space | 7,10% Space Free | Partition Type: NTFS

Drive E: | 184,84 Gb Total Space | 171,18 Gb Free Space | 92,61% Space Free | Partition Type: NTFS

 

Computer Name: LT | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.02 09:44:10 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe

PRC - [2011.08.23 14:07:42 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe

PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.03.17 10:15:46 | 000,382,272 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

PRC - [2009.07.10 03:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe

PRC - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe

PRC - [2009.07.10 00:26:20 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\mcafee.com\agent\mcagent.exe

PRC - [2009.07.08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe

PRC - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

PRC - [2009.07.07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe

PRC - [2009.05.12 22:26:42 | 000,299,008 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe

PRC - [2009.04.16 18:42:58 | 000,020,544 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe

PRC - [2009.03.30 16:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2009.03.19 19:57:32 | 002,532,680 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2009.03.10 18:50:36 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe

PRC - [2009.03.06 17:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

PRC - [2009.02.03 15:07:50 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

PRC - [2009.01.26 13:58:42 | 000,700,416 | ---- | M] (TOSHIBA Corporation.) -- C:\Programme\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe

PRC - [2009.01.13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

PRC - [2009.01.07 11:23:32 | 000,357,704 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2008.11.26 19:26:48 | 000,701,752 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files (x86)\Toshiba\TRCMan\TRCMan.exe

PRC - [2008.07.24 11:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.03.30 18:08:06 | 001,034,784 | ---- | M] () -- C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.04.24 11:40:26 | 000,242,176 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2009.04.21 22:07:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009.04.15 17:08:20 | 000,803,696 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2009.03.17 11:48:54 | 000,084,480 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2009.03.06 18:30:32 | 000,488,288 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2008.09.15 14:35:20 | 000,564,536 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2007.11.21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV - [2011.09.01 09:07:03 | 002,151,640 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011.08.18 20:23:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)

SRV - [2011.02.16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010.12.08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.07.10 03:26:42 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009.07.10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009.07.08 15:15:04 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009.07.08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009.07.08 13:37:28 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009.07.08 13:11:52 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe -- (McSysmon)

SRV - [2009.07.08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe -- (McProxy)

SRV - [2009.07.07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe -- (McNASvc)

SRV - [2009.04.16 18:42:58 | 000,020,544 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Web Camera Application\TWebCameraSrv.exe -- (camsvc)

SRV - [2009.04.01 18:10:58 | 000,062,776 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009.03.30 16:57:22 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.03.17 14:37:10 | 000,189,808 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2009.03.12 17:50:12 | 000,117,248 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

SRV - [2009.03.10 18:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2009.03.06 17:27:10 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)

SRV - [2009.02.11 13:05:16 | 000,242,424 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007.05.04 15:24:30 | 000,036,864 | ---- | M] (Dassault Systemes) [Disabled | Stopped] -- C:\Program Files (x86)\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe -- (BBDemon)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)

DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.04.04 19:30:00 | 000,272,448 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2010.07.30 15:18:04 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltjx64.sys -- (UsbserFilt)

DRV:64bit: - [2010.07.30 15:18:02 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)

DRV:64bit: - [2010.07.30 15:18:00 | 000,026,624 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)

DRV:64bit: - [2010.07.30 15:17:56 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)

DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2009.11.09 14:15:34 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009.07.16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Mpfp.sys -- (MPFP)

DRV:64bit: - [2009.07.08 13:44:14 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2009.07.08 13:44:14 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2009.07.08 13:44:14 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

DRV:64bit: - [2009.07.08 13:37:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009.04.24 14:29:40 | 000,206,336 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2009.04.21 23:30:46 | 005,356,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009.04.11 07:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2009.04.08 16:36:40 | 000,138,592 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)

DRV:64bit: - [2009.03.25 17:23:26 | 000,035,392 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2009.03.23 17:28:30 | 000,056,320 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfsnd.sys -- (TosRfSnd)

DRV:64bit: - [2009.03.23 16:48:20 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009.03.20 16:37:40 | 000,266,288 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2009.03.19 14:07:46 | 000,052,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys -- (Tosrfusb)

DRV:64bit: - [2009.03.18 11:46:44 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pgeffect.sys -- (PGEffect)

DRV:64bit: - [2009.03.12 11:33:06 | 000,020,992 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys -- (tosrfnds)

DRV:64bit: - [2009.03.05 11:03:34 | 000,088,576 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys -- (Tosrfhid)

DRV:64bit: - [2009.03.03 15:34:54 | 000,045,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tosrfbnp.sys -- (tosrfbnp)

DRV:64bit: - [2009.02.19 16:20:18 | 000,076,160 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tosrfcom.sys -- (Tosrfcom)

DRV:64bit: - [2009.02.11 17:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2009.01.27 19:12:14 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2008.12.30 12:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)

DRV:64bit: - [2008.11.17 07:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)

DRV:64bit: - [2008.11.11 18:30:12 | 000,189,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)

DRV:64bit: - [2008.10.28 12:27:52 | 000,027,136 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcVad.sys -- (arcvad_ds2dhw)

DRV:64bit: - [2008.10.06 17:56:58 | 000,173,696 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys -- (tosrfbd)

DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)

DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2008.08.13 11:30:06 | 000,669,696 | ---- | M] (DiBcom) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dvb7700all.sys -- (mod7700)

DRV:64bit: - [2008.04.29 01:56:00 | 000,014,336 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhid.sys -- (enecirhid)

DRV:64bit: - [2008.04.25 09:16:00 | 000,006,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecirhidma.sys -- (enecirhidma)

DRV:64bit: - [2008.04.25 07:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

DRV:64bit: - [2008.03.25 13:54:26 | 000,049,152 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosporte.sys -- (tosporte)

DRV:64bit: - [2008.01.21 04:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2007.12.11 14:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2007.11.09 14:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2007.09.04 10:29:04 | 000,014,872 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Thpevm.SYS -- (Thpevm)

DRV:64bit: - [2006.10.23 16:33:08 | 000,018,944 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tosrfec.sys -- (tosrfec)

DRV:64bit: - [2006.09.18 23:38:10 | 001,074,688 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)

DRV - [2008.05.07 11:30:14 | 000,032,040 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ig

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.03.24 20:18:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.09.01 07:26:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.24 20:35:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.24 20:35:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.03.24 20:18:33 | 000,000,000 | ---D | M]

 

[2009.09.15 13:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Extensions

[2011.09.04 11:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions

[2009.09.15 13:50:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.07.20 15:48:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Michael\AppData\Roaming\mozilla\Firefox\Profiles\3v3a52fx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2009.09.15 13:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.09.01 07:26:25 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

[2011.08.14 21:32:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.08.14 21:32:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.08.14 21:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.08.14 21:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.08.14 21:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.09.05 12:03:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Programme\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)

O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe (TOSHIBA Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} -  File not found

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} -  File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30CF765A-FD14-477F-B8CC-DCCE3264146C}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AA1371-8315-4730-955B-7135AE381425}: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02BBD11-BCAB-4C99-A96B-03702D52DEB5}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg

O24 - Desktop BackupWallPaper: C:\Users\Michael\Pictures\Autos\2008-Abt-Audi-R8-Section-1920x1440.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Teil 2:

Code:

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~2\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - (McAfee, Inc.)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk -  - File not found

MsConfig:64bit - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AlcoholAutomount - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: HWSetup - hkey= - key= - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

MsConfig:64bit - StartUpReg: NokiaPCInternetAccess - hkey= - key= - C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe (Nokia)

MsConfig:64bit - StartUpReg: NvCplDaemonTool - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: SmoothView - hkey= - key= - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: TOSHIBA Online Product Information - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)

MsConfig:64bit - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)

MsConfig:64bit - StartUpReg: TPCHWMsg - hkey= - key= - C:\Programme\TOSHIBA\TPHM\TPCHWMsg.exe (TOSHIBA Corporation)

MsConfig:64bit - StartUpReg: Uvixalosacevez - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: WrtMon.exe - hkey= - key= - C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.05 12:07:41 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\temp

[2011.09.05 12:03:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2011.09.05 11:06:08 | 004,194,092 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe

[2011.09.03 17:10:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011.09.03 17:10:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011.09.03 17:10:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011.09.03 17:10:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.09.03 17:08:24 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.09.02 11:41:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes

[2011.09.02 11:40:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011.09.02 11:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.02 11:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.09.02 11:40:54 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.09.02 11:40:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.09.02 11:31:36 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.09.02 09:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2011.09.02 07:25:55 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps

[2011.09.01 09:07:32 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011.09.01 09:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011.09.01 09:00:58 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

[2011.09.01 09:00:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2011.09.01 09:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2011.08.28 19:18:45 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Lufec

[2011.08.28 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Native Instruments

[2011.08.28 11:29:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1D11E9B5-801D-4DE3-8A18-77AC160788F6}

[2011.08.28 11:27:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments

[2011.08.28 11:27:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DCC412E7-393B-4016-91FB-9307F059AFB6}

[2011.08.28 11:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments

[2011.08.28 11:27:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}

[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments

[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments

[2011.08.28 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments

[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.06 13:46:59 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.09.06 13:46:59 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.09.06 13:46:59 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.09.06 13:46:59 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.09.06 13:46:59 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.09.06 13:41:48 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc0f9c7af0cc20.job

[2011.09.06 13:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.06 13:41:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.06 13:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.06 13:41:29 | 2110,648,319 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.05 19:22:22 | 000,042,335 | ---- | M] () -- C:\Windows\SysNative\Config.MPF

[2011.09.05 12:14:42 | 000,139,264 | ---- | M] () -- C:\Users\Michael\Desktop\SystemLook.exe

[2011.09.05 12:03:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011.09.05 11:06:20 | 004,194,092 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\ComboFix.exe

[2011.09.02 17:39:26 | 000,302,592 | ---- | M] () -- C:\Users\Michael\Desktop\rkojfyxl.exe

[2011.09.02 11:40:59 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.02 09:57:28 | 000,672,398 | ---- | M] () -- C:\Users\Michael\Neue Bitmap.bmp

[2011.09.02 09:36:33 | 000,000,020 | ---- | M] () -- C:\Users\Michael\defogger_reenable

[2011.09.02 09:36:16 | 000,050,477 | ---- | M] () -- C:\Users\Michael\Desktop\Defogger.exe

[2011.09.02 09:31:42 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2011.09.01 09:07:31 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011.09.01 09:07:28 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe

[2011.09.01 09:01:00 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.08.28 11:29:06 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk

[2011.08.28 11:27:41 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Controller Editor.lnk

[2011.08.28 11:27:18 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Service Center.lnk

[2011.08.20 19:05:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cc0f9c7bb5a2c0.job

[2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

[1 C:\Users\Michael\AppData\Local\*.tmp files -> C:\Users\Michael\AppData\Local\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.09.05 12:14:42 | 000,139,264 | ---- | C] () -- C:\Users\Michael\Desktop\SystemLook.exe

[2011.09.03 17:10:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011.09.03 17:10:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011.09.03 17:10:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.09.03 17:10:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.09.03 17:10:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.09.02 17:39:24 | 000,302,592 | ---- | C] () -- C:\Users\Michael\Desktop\rkojfyxl.exe

[2011.09.02 11:40:59 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.02 09:54:33 | 000,672,398 | ---- | C] () -- C:\Users\Michael\Neue Bitmap.bmp

[2011.09.02 09:36:33 | 000,000,020 | ---- | C] () -- C:\Users\Michael\defogger_reenable

[2011.09.02 09:36:11 | 000,050,477 | ---- | C] () -- C:\Users\Michael\Desktop\Defogger.exe

[2011.09.02 09:30:36 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2011.09.01 10:00:11 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe

[2011.09.01 09:01:00 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.08.28 11:29:06 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk

[2011.08.28 11:27:41 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Controller Editor.lnk

[2011.08.28 11:27:18 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Service Center.lnk

[2010.09.20 20:17:14 | 000,000,680 | ---- | C] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat

[2010.06.10 10:58:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2010.04.29 00:10:41 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe

[2010.04.12 18:10:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.04.07 15:58:09 | 000,088,872 | ---- | C] () -- C:\Windows\War3Unin.dat

[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009.09.22 21:12:53 | 000,024,226 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\UserTile.png

[2009.09.17 08:27:20 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll

[2009.09.15 14:06:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009.09.15 14:05:30 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2009.09.15 14:04:53 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.09.15 13:48:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009.09.15 13:35:41 | 000,113,664 | ---- | C] () -- C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.05 11:33:25 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2009.09.05 11:09:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009.06.05 09:12:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2008.09.02 02:32:38 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

 
 ========== LOP Check ==========

 

[2010.03.15 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Lite

[2011.04.04 19:31:53 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DAEMON Tools Pro

[2009.11.09 14:28:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DassaultSystemes

[2011.07.20 15:49:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft

[2011.07.20 15:48:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.09.01 10:00:11 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lufec

[2009.11.17 23:05:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\myphotobook

[2011.03.13 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia

[2011.03.13 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nokia Ovi Suite

[2011.03.13 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PC Suite

[2009.09.22 21:12:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PeerNetworking

[2010.05.12 17:34:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TOSHIBA

[2010.12.15 15:22:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TrafficMonitor

[2011.06.09 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client

[2011.01.03 11:52:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Web Page Maker

[2011.03.15 01:59:59 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job

[2011.04.01 01:33:33 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job

[2011.09.05 19:22:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.09.05 12:03:15 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN

[2009.06.05 11:19:58 | 000,000,000 | ---D | M] -- C:\1033

[2009.09.17 09:21:46 | 000,000,000 | ---D | M] -- C:\Boot

[2006.11.02 17:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.09.05 11:47:02 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2010.02.16 17:59:11 | 000,000,000 | ---D | M] -- C:\Games

[2009.06.05 10:22:13 | 000,000,000 | ---D | M] -- C:\Intel

[2009.06.05 11:20:05 | 000,000,000 | R--D | M] -- C:\MSOCache

[2008.01.21 05:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.09.02 07:25:55 | 000,000,000 | ---D | M] -- C:\ProcAlyzer Dumps

[2011.08.28 11:27:15 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.09.02 19:10:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2011.09.03 17:25:14 | 000,000,000 | ---D | M] -- C:\ProgramData

[2009.09.05 11:47:02 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.09.05 12:07:42 | 000,000,000 | ---D | M] -- C:\Qoobox

[2011.09.06 14:43:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2009.09.05 11:58:35 | 000,000,000 | ---D | M] -- C:\Toshiba

[2009.11.20 10:19:51 | 000,000,000 | R--D | M] -- C:\Users

[2011.09.06 13:43:01 | 000,000,000 | ---D | M] -- C:\Windows

[2009.06.05 11:18:08 | 000,000,000 | ---D | M] -- C:\Works

[2011.09.02 11:31:36 | 000,000,000 | ---D | M] -- C:\_OTL

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe

[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe

[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe

[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe

[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe

[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe

[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe

[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe

[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe

[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe

[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe

[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe

[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe

[2008.01.21 04:50:29 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe

[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe

[2008.01.21 04:49:53 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe

[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe

[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe

[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe

[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe

[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe

[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe

[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 
 <           >
 

< End of report >